[src/netbsd-7]: src/usr.sbin/npf/npfctl Pull up following revision(s) (reques...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/bcf947e6d381
branches:  netbsd-7
changeset: 798754:bcf947e6d381
user:      martin <martin%NetBSD.org@localhost>
date:      Mon Dec 29 17:31:47 2014 +0000

description:
Pull up following revision(s) (requested by rmind in ticket #359):
        usr.sbin/npf/npfctl/npf_scan.l: revision 1.22
        usr.sbin/npf/npfctl/npf.conf.5: revision 1.43
        usr.sbin/npf/npfctl/npfctl.c: revision 1.44
        usr.sbin/npf/npfctl/npf_parse.y: revision 1.36
        usr.sbin/npf/npfctl/npfctl.c: revision 1.45
        usr.sbin/npf/npfctl/npfctl.h: revision 1.39
npfctl(8): attempt to preload bpfjit kernel module and print the
warning on failure.
allow turning off the bpf jit loading.

diffstat:

 usr.sbin/npf/npfctl/npf.conf.5  |   7 +++++--
 usr.sbin/npf/npfctl/npf_parse.y |  23 ++++++++++++++++++++++-
 usr.sbin/npf/npfctl/npf_scan.l  |   5 ++++-
 usr.sbin/npf/npfctl/npfctl.c    |  39 +++++++++++++++++++++++++++++++++++++--
 usr.sbin/npf/npfctl/npfctl.h    |   3 ++-
 5 files changed, 70 insertions(+), 7 deletions(-)

diffs (224 lines):

diff -r 98d3d7fc3d1a -r bcf947e6d381 usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5    Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5    Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.42 2014/08/03 00:02:56 rmind Exp $
+.\"    $NetBSD: npf.conf.5,v 1.42.2.1 2014/12/29 17:31:47 martin Exp $
 .\"
 .\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 2, 2014
+.Dd December 26, 2014
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -240,6 +240,9 @@
 interface      = interface-name | var-name
 var-def                = var "=" ( var-value | "{" value *[ "," value ] "}" )
 
+; Parameter setting
+set-statement  = "set" parameter value
+
 ; Table definition.  Table ID shall be numeric.  Path is in the double quotes.
 
 table-id       = \*[Lt]table-name\*[Gt]
diff -r 98d3d7fc3d1a -r bcf947e6d381 usr.sbin/npf/npfctl/npf_parse.y
--- a/usr.sbin/npf/npfctl/npf_parse.y   Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y   Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_parse.y,v 1.35 2014/03/15 15:22:37 riastradh Exp $ */
+/*     $NetBSD: npf_parse.y,v 1.35.4.1 2014/12/29 17:31:47 martin Exp $        */
 
 /*-
  * Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@@ -92,6 +92,7 @@
 %token                 ARROWLEFT
 %token                 ARROWRIGHT
 %token                 BLOCK
+%token                 BPFJIT
 %token                 CDB
 %token                 CURLY_CLOSE
 %token                 CURLY_OPEN
@@ -118,6 +119,7 @@
 %token                 NAME
 %token                 NPT66
 %token                 ON
+%token                 OFF
 %token                 OUT
 %token                 PAR_CLOSE
 %token                 PAR_OPEN
@@ -134,6 +136,7 @@
 %token                 RETURNRST
 %token                 RULESET
 %token                 SEPLINE
+%token                 SET
 %token                 SLASH
 %token                 STATEFUL
 %token                 STATEFUL_ENDS
@@ -169,9 +172,11 @@
 %type  <filtopts>      filt_opts, all_or_filt_opts
 %type  <optproto>      opt_proto
 %type  <rulegroup>     group_opts
+%type  <tf>            onoff
 
 %union {
        char *          str;
+       bool            tf;
        unsigned long   num;
        double          fpnum;
        npfvar_t *      var;
@@ -200,6 +205,7 @@
        | group
        | rproc
        | alg
+       | set
        |
        ;
 
@@ -210,6 +216,21 @@
        }
        ;
 
+onoff
+       : ON {
+               $$ = true;
+       }
+       | OFF {
+               $$ = false;
+       }
+       ;
+
+set
+       : SET BPFJIT onoff {
+               npfctl_bpfjit($3);
+       }
+       ;
+
 /*
  * A value - an element or a list of elements.
  * Can be assigned to a variable or used inline.
diff -r 98d3d7fc3d1a -r bcf947e6d381 usr.sbin/npf/npfctl/npf_scan.l
--- a/usr.sbin/npf/npfctl/npf_scan.l    Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_scan.l    Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_scan.l,v 1.21 2014/05/31 22:37:05 rmind Exp $      */
+/*     $NetBSD: npf_scan.l,v 1.21.2.1 2014/12/29 17:31:47 martin Exp $ */
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -97,6 +97,7 @@
 dynamic                        return TDYNAMIC;
 file                   return TFILE;
 map                    return MAP;
+set                    return SET;
 "<->"                  return ARROWBOTH;
 "<-"                   return ARROWLEFT;
 "->"                   return ARROWRIGHT;
@@ -124,6 +125,8 @@
 final                  return FINAL;
 quick                  return FINAL;
 on                     return ON;
+off                    return OFF;
+bpf.jit                        return BPFJIT;
 inet6                  return INET6;
 inet4                  return INET4;
 proto                  return PROTO;
diff -r 98d3d7fc3d1a -r bcf947e6d381 usr.sbin/npf/npfctl/npfctl.c
--- a/usr.sbin/npf/npfctl/npfctl.c      Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.c      Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npfctl.c,v 1.42.2.1 2014/08/29 11:14:14 martin Exp $   */
+/*     $NetBSD: npfctl.c,v 1.42.2.2 2014/12/29 17:31:47 martin Exp $   */
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -30,11 +30,12 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.42.2.1 2014/08/29 11:14:14 martin Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.42.2.2 2014/12/29 17:31:47 martin Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/module.h>
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -480,6 +481,38 @@
        exit(EXIT_SUCCESS);
 }
 
+static bool bpfjit = true;
+
+void
+npfctl_bpfjit(bool onoff)
+{
+       bpfjit = onoff;
+}
+
+static void
+npfctl_preload_bpfjit(void)
+{
+       modctl_load_t args = {
+               .ml_filename = "bpfjit",
+               .ml_flags = MODCTL_NO_PROP,
+               .ml_props = NULL,
+               .ml_propslen = 0
+       };
+
+       if (!bpfjit)
+               return;
+
+       if (modctl(MODCTL_LOAD, &args) != 0 && errno != EEXIST) {
+               static const char *p = "; performance will be degraded";
+               if (errno == ENOENT)
+                       warnx("the bpfjit module seems to be missing%s", p);
+               else
+                       warn("error loading the bpfjit module%s", p);
+               warnx("To disable this warning `set bpf.jit off' in "
+                   "/etc/npf.conf");
+       }
+}
+
 static int
 npfctl_save(int fd)
 {
@@ -547,6 +580,7 @@
                fun = "ioctl(IOC_NPF_SWITCH)";
                break;
        case NPFCTL_RELOAD:
+               npfctl_preload_bpfjit();
                npfctl_config_init(false);
                npfctl_parse_file(argc < 3 ? NPF_CONF_PATH : argv[2]);
                errno = ret = npfctl_config_send(fd, NULL);
@@ -581,6 +615,7 @@
                npfctl_rule(fd, argc, argv);
                break;
        case NPFCTL_LOAD:
+               npfctl_preload_bpfjit();
                ret = npfctl_load(fd);
                fun = "npfctl_config_load";
                break;
diff -r 98d3d7fc3d1a -r bcf947e6d381 usr.sbin/npf/npfctl/npfctl.h
--- a/usr.sbin/npf/npfctl/npfctl.h      Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.h      Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npfctl.h,v 1.38 2014/07/23 01:25:34 rmind Exp $        */
+/*     $NetBSD: npfctl.h,v 1.38.2.1 2014/12/29 17:31:47 martin Exp $   */
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -106,6 +106,7 @@
 
 bool           join(char *, size_t, int, char **, const char *);
 void           yyerror(const char *, ...) __printflike(1, 2) __dead;
+void           npfctl_bpfjit(bool);
 void           npfctl_parse_file(const char *);
 void           npfctl_parse_string(const char *);