Source-Changes-HG archive


[src/netbsd-6]: src/usr.sbin/npf/npfctl Pull up following revision(s) (reques...



details:   https://anonhg.NetBSD.org/src/rev/09ba33dca795
branches:  netbsd-6
changeset: 775745:09ba33dca795
user:      riz <riz%NetBSD.org@localhost>
date:      Sun Mar 31 17:43:16 2013 +0000

description:
Pull up following revision(s) (requested by rmind in ticket #852):
        usr.sbin/npf/npfctl/npf.conf.5: revision 1.28
        usr.sbin/npf/npfctl/npf_parse.y: revision 1.19
        usr.sbin/npf/npfctl/npf_parse.y: revision 1.20
        usr.sbin/npf/npfctl/npfctl.c: revision 1.32
Fix the example (deja vu?).
deal with strings as interfaces
centralize error handling and print what went wrong instead of "ioctl"
handle port "ftp-data"

diffstat:

 usr.sbin/npf/npfctl/npf.conf.5  |   4 +-
 usr.sbin/npf/npfctl/npf_parse.y |  45 ++++++++++++++++++++++++++++++++++++----
 usr.sbin/npf/npfctl/npfctl.c    |  23 ++++++++++++--------
 3 files changed, 56 insertions(+), 16 deletions(-)

diffs (203 lines):

diff -r 4e5e76704288 -r 09ba33dca795 usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5    Sun Mar 31 17:30:20 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5    Sun Mar 31 17:43:16 2013 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.9.2.8 2013/02/11 21:49:47 riz Exp $
+.\"    $NetBSD: npf.conf.5,v 1.9.2.9 2013/03/31 17:43:16 riz Exp $
 .\"
 .\" Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -283,7 +283,7 @@
 # Note: if $ext_if has multiple IP address (e.g. IPv6 as well),
 # then the translation address has to be specified explicitly.
 map $ext_if dynamic 10.1.1.0/24 -> $ext_if
-map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022
+map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if port 9022
 
 procedure "log" {
        # Note: npf_ext_log kernel module should be loaded, if not built-in.
diff -r 4e5e76704288 -r 09ba33dca795 usr.sbin/npf/npfctl/npf_parse.y
--- a/usr.sbin/npf/npfctl/npf_parse.y   Sun Mar 31 17:30:20 2013 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y   Sun Mar 31 17:43:16 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_parse.y,v 1.3.2.11 2013/02/11 21:49:47 riz Exp $   */
+/*     $NetBSD: npf_parse.y,v 1.3.2.12 2013/03/31 17:43:16 riz Exp $   */
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -152,7 +152,7 @@
 %token <str>           TABLE_ID
 %token <str>           VAR_ID
 
-%type  <str>           addr, some_name, list_elem, table_store
+%type  <str>           addr, some_name, list_elem, table_store, string
 %type  <str>           proc_param_val, opt_apply
 %type  <num>           ifindex, port, opt_final, on_ifindex
 %type  <num>           afamily, opt_family
@@ -621,10 +621,17 @@
        | VAR_ID
        {
                npfvar_t *vp = npfvar_lookup($1);
-               const int type = npfvar_get_type(vp, 0);
+               int type = npfvar_get_type(vp, 0);
                ifnet_addr_t *ifna;
 
+again:
                switch (type) {
+               case NPFVAR_IDENTIFIER:
+               case NPFVAR_STRING:
+                       vp = npfctl_parse_ifnet(npfvar_expand_string(vp),
+                           AF_UNSPEC);
+                       type = npfvar_get_type(vp, 0);
+                       goto again;
                case NPFVAR_FAM:
                        $$ = vp;
                        break;
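Review bot: The new `goto again` re-dispatch has no comment and no bound, so it terminates only if `npfctl_parse_ifnet()` never hands back a variable of type `NPFVAR_STRING` or `NPFVAR_IDENTIFIER`. A one-line comment above the two new cases would record that assumption, e.g. `/* Interface name held in a variable: resolve it, then dispatch on the resulting type. */`. If `npfctl_parse_ifnet()` can return NULL for an unknown interface (not visible here), the second `npfvar_get_type(vp, 0)` presumably falls into an error case further down the switch, and the message would then blame the variable rather than the interface name. The switch continues past the end of this hunk.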
@@ -670,6 +677,7 @@
 port
        : NUM           { $$ = $1; }
        | IDENTIFIER    { $$ = npfctl_portno($1); }
+       | STRING        { $$ = npfctl_portno($1); }
        ;
 
 icmp_type_and_code
@@ -727,15 +735,42 @@
        }
        ;
 
+string
+       : IDENTIFIER
+       {
+               $$ = $1;
+       }
+       | VAR_ID
+       {
+               npfvar_t *vp = npfvar_lookup($1);
+               const int type = npfvar_get_type(vp, 0);
+
+               switch (type) {
+               case NPFVAR_STRING:
+               case NPFVAR_IDENTIFIER:
+                       $$ = npfvar_expand_string(vp);
+                       break;
+               case -1:
+                       yyerror("undefined variable '%s' for interface", $1);
+                       break;
+               default:
+                       yyerror("wrong variable '%s' type '%s' for string",
+                           $1, npfvar_type(type));
+                       break;
+               }
+       }
+       ;
+
 ifnet
-       : IFNET PAR_OPEN IDENTIFIER PAR_CLOSE
+       : IFNET PAR_OPEN string PAR_CLOSE
        {
                $$ = npfctl_parse_ifnet($3, AF_UNSPEC);
        }
-       | afamily PAR_OPEN IDENTIFIER PAR_CLOSE
+       | afamily PAR_OPEN string PAR_CLOSE
        {
                $$ = npfctl_parse_ifnet($3, $1);
        }
+       ;
 
 ifindex
        : some_name
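Review bot: The two error branches of the new `string` rule's `VAR_ID` action leave `$$` unassigned. Unless `yyerror()` never returns (its definition is not visible here), the `ifnet` actions below would pass an indeterminate pointer to `npfctl_parse_ifnet($3, ...)`. Either set `$$ = NULL;` before each `break;` or mark the branches with `/* NOTREACHED */` if `yyerror()` exits. The `case -1` message also says "for interface" although the rule is the generic `string` nonterminal and the default branch says "for string"; `yyerror("undefined variable '%s' for string", $1);` would keep the two consistent.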
diff -r 4e5e76704288 -r 09ba33dca795 usr.sbin/npf/npfctl/npfctl.c
--- a/usr.sbin/npf/npfctl/npfctl.c      Sun Mar 31 17:30:20 2013 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.c      Sun Mar 31 17:43:16 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npfctl.c,v 1.10.2.15 2013/02/18 18:26:14 riz Exp $     */
+/*     $NetBSD: npfctl.c,v 1.10.2.16 2013/03/31 17:43:16 riz Exp $     */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.10.2.15 2013/02/18 18:26:14 riz Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.10.2.16 2013/03/31 17:43:16 riz Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -339,7 +339,7 @@
                }
                /* FALLTHROUGH */
        default:
-               err(EXIT_FAILURE, "ioctl");
+               err(EXIT_FAILURE, "ioctl(IOC_NPF_TABLE)");
        }
 
        if (nct.nct_cmd == NPF_CMD_TABLE_LIST) {
@@ -484,7 +484,7 @@
                err(EXIT_FAILURE, "cannot open '%s'", NPF_DEV_PATH);
        }
        if (ioctl(fd, IOC_NPF_VERSION, &ver) == -1) {
-               err(EXIT_FAILURE, "ioctl");
+               err(EXIT_FAILURE, "ioctl(IOC_NPF_VERSION)");
        }
        if (ver != NPF_VERSION) {
                errx(EXIT_FAILURE,
@@ -492,33 +492,37 @@
                    "Hint: update userland?", NPF_VERSION, ver);
        }
 
+       const char *fun = "";
        switch (action) {
        case NPFCTL_START:
                boolval = true;
                ret = ioctl(fd, IOC_NPF_SWITCH, &boolval);
+               fun = "ioctl(IOC_NPF_SWITCH)";
                break;
        case NPFCTL_STOP:
                boolval = false;
                ret = ioctl(fd, IOC_NPF_SWITCH, &boolval);
+               fun = "ioctl(IOC_NPF_SWITCH)";
                break;
        case NPFCTL_RELOAD:
                npfctl_config_init(false);
                npfctl_parse_file(argc < 3 ? NPF_CONF_PATH : argv[2]);
-               ret = npfctl_config_send(fd, NULL);
-               if (ret) {
-                       errx(EXIT_FAILURE, "ioctl: %s", strerror(ret));
-               }
+               errno = ret = npfctl_config_send(fd, NULL);
+               fun = "npfctl_config_send";
                break;
        case NPFCTL_SHOWCONF:
                ret = npfctl_config_show(fd);
+               fun = "npfctl_config_show";
                break;
        case NPFCTL_FLUSH:
                ret = npf_config_flush(fd);
+               fun = "npf_config_flush";
                break;
        case NPFCTL_VALIDATE:
                npfctl_config_init(false);
                npfctl_parse_file(argc < 3 ? NPF_CONF_PATH : argv[2]);
                ret = npfctl_config_show(0);
+               fun = "npfctl_config_show";
                break;
        case NPFCTL_TABLE:
                if ((argc -= 2) < 2) {
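Review bot: The shared `err(EXIT_FAILURE, "%s", fun)` at the end of this switch (last hunk of the file) appends `strerror(errno)`, but only the `NPFCTL_RELOAD` path copies its return value into `errno`. Whether `npfctl_config_show()`, `npf_config_flush()` and `npfctl_print_stats()` (next hunk) set `errno` themselves or return the error code the way `npfctl_config_send()` does is not visible here. If they return the code, a failed firewall operation is reported with an unrelated error text. Assigning on each such path as RELOAD does, e.g. `errno = ret = npf_config_flush(fd);`, would keep the message accurate. `fun` also stays `""` on the paths that do not set it in the visible lines (e.g. `NPFCTL_TABLE`), so a non-zero `ret` there would print a message with no prefix.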
@@ -536,6 +540,7 @@
                break;
        case NPFCTL_STATS:
                ret = npfctl_print_stats(fd);
+               fun = "npfctl_print_stats";
                break;
        case NPFCTL_SESSIONS_SAVE:
                if (npf_sessions_recv(fd, NPF_SESSDB_PATH) != 0) {
@@ -551,7 +556,7 @@
                break;
        }
        if (ret) {
-               err(EXIT_FAILURE, "ioctl");
+               err(EXIT_FAILURE, "%s", fun);
        }
        close(fd);
 }


