Module Name: src Committed By: riz Date: Sun Dec 16 19:41:38 UTC 2012
Modified Files: src/usr.sbin/npf/npfctl [netbsd-6]: npf_build.c npf_disassemble.c npfctl.8 npfctl.c npfctl.h Log Message: Pull up following revision(s) (requested by rmind in ticket #750): usr.sbin/npf/npfctl/npfctl.c: revision 1.25 usr.sbin/npf/npfctl/npfctl.h: revision 1.24 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.13 usr.sbin/npf/npfctl/npf_build.c: revision 1.16 usr.sbin/npf/npfctl/npfctl.8: revision 1.11 npfctl: add 'validate' command to check the config, but not load it. Update the man page. Also add a small note about 'debug' command, PR/47298. To generate a diff of this commit: cvs rdiff -u -r1.4.2.8 -r1.4.2.9 src/usr.sbin/npf/npfctl/npf_build.c cvs rdiff -u -r1.3.2.9 -r1.3.2.10 src/usr.sbin/npf/npfctl/npf_disassemble.c cvs rdiff -u -r1.6.6.3 -r1.6.6.4 src/usr.sbin/npf/npfctl/npfctl.8 cvs rdiff -u -r1.10.2.9 -r1.10.2.10 src/usr.sbin/npf/npfctl/npfctl.c cvs rdiff -u -r1.11.2.10 -r1.11.2.11 src/usr.sbin/npf/npfctl/npfctl.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npfctl/npf_build.c
diff -u src/usr.sbin/npf/npfctl/npf_build.c:1.4.2.8 src/usr.sbin/npf/npfctl/npf_build.c:1.4.2.9
--- src/usr.sbin/npf/npfctl/npf_build.c:1.4.2.8 Tue Dec 11 04:31:52 2012
+++ src/usr.sbin/npf/npfctl/npf_build.c Sun Dec 16 19:41:37 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_build.c,v 1.4.2.8 2012/12/11 04:31:52 riz Exp $ */
+/* $NetBSD: npf_build.c,v 1.4.2.9 2012/12/16 19:41:37 riz Exp $ */
 /*-
 * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
 */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.4.2.8 2012/12/11 04:31:52 riz Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.4.2.9 2012/12/16 19:41:37 riz Exp $");
 #include <sys/types.h>
 #include <sys/ioctl.h>
@@ -85,6 +85,12 @@ npfctl_config_send(int fd, const char *o
 return error;
 }
+nl_config_t *
+npfctl_config_ref(void)
+{
+ return npf_conf;
+}
+
 unsigned long
 npfctl_debug_addif(const char *ifname)
 {
Index: src/usr.sbin/npf/npfctl/npf_disassemble.c
diff -u src/usr.sbin/npf/npfctl/npf_disassemble.c:1.3.2.9 src/usr.sbin/npf/npfctl/npf_disassemble.c:1.3.2.10
--- src/usr.sbin/npf/npfctl/npf_disassemble.c:1.3.2.9 Mon Nov 26 17:39:29 2012
+++ src/usr.sbin/npf/npfctl/npf_disassemble.c Sun Dec 16 19:41:37 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_disassemble.c,v 1.3.2.9 2012/11/26 17:39:29 riz Exp $ */
+/* $NetBSD: npf_disassemble.c,v 1.3.2.10 2012/12/16 19:41:37 riz Exp $ */
 /*-
 * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
 * FIXME: config generation should be redesigned..
 */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_disassemble.c,v 1.3.2.9 2012/11/26 17:39:29 riz Exp $");
+__RCSID("$NetBSD: npf_disassemble.c,v 1.3.2.10 2012/12/16 19:41:37 riz Exp $");
 #include <stdio.h>
 #include <stdlib.h>
@@ -702,13 +702,18 @@ npfctl_config_show(int fd)
 bool active, loaded;
 int error = 0;
- ncf = npf_config_retrieve(fd, &active, &loaded);
- if (ncf == NULL) {
- return errno;
- }
- printf("Filtering:\t%s\nConfiguration:\t%s\n\n",
- active ? "active" : "inactive",
- loaded ? "loaded" : "empty");
+ if (fd) {
+ ncf = npf_config_retrieve(fd, &active, &loaded);
+ if (ncf == NULL) {
+ return errno;
+ }
+ printf("Filtering:\t%s\nConfiguration:\t%s\n\n",
+ active ? "active" : "inactive",
+ loaded ? "loaded" : "empty");
+ } else {
+ ncf = npfctl_config_ref();
+ loaded = true;
+ }
 if (loaded) {
 _npf_table_foreach(ncf, npfctl_show_table);
Index: src/usr.sbin/npf/npfctl/npfctl.8
diff -u src/usr.sbin/npf/npfctl/npfctl.8:1.6.6.3 src/usr.sbin/npf/npfctl/npfctl.8:1.6.6.4
--- src/usr.sbin/npf/npfctl/npfctl.8:1.6.6.3 Sat Nov 24 04:34:43 2012
+++ src/usr.sbin/npf/npfctl/npfctl.8 Sun Dec 16 19:41:37 2012
@@ -1,4 +1,4 @@
-.\" $NetBSD: npfctl.8,v 1.6.6.3 2012/11/24 04:34:43 riz Exp $
+.\" $NetBSD: npfctl.8,v 1.6.6.4 2012/12/16 19:41:37 riz Exp $
 .\"
 .\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 15, 2012
+.Dd December 10, 2012
 .Dt NPFCTL 8
 .Os
 .Sh NAME
@@ -79,6 +79,12 @@ Show the current state and configuration
 Syntax of printed configuration is for the user and may not match the
 .Xr npf.conf 5
 syntax.
+.It Ic validate Op Ar path
+Validate the configuration file and the processed form.
+The configuration file at
+.Pa /etc/npf.conf
+will be used unless a file is specified by
+.Ar path .
 .It Ic table Ar tid Ic add Aq Ar addr/mask
 In table
 .Ar tid ,
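Review bot: In npfctl_config_show() (npf_disassemble.c, hunk at -702), `if (fd)` uses descriptor 0 as the "no kernel device" marker, but 0 is a valid descriptor: if the tool is started with stdin closed, opening the NPF device could return 0 and a normal `show` would take the else branch and never query the kernel. Using -1 as the sentinel avoids the overlap: `if (fd != -1) {` here and `ret = npfctl_config_show(-1);` at the NPFCTL_VALIDATE call site in npfctl.c. A short comment above the branch, `/* fd == -1: print the configuration built in this process, not the kernel's */`, would document the second mode. The function body starts and ends outside the hunk.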
@@ -117,6 +123,10 @@ Any existing sessions during the load op
 Administrator may want to start packet inspection after the session loading.
 .It Ic stats
 Print various statistics.
+.It Ic debug
+Process the configuration file, print the n-code of each rule
+and dump the raw configuration.
+This is primarily for developer use.
 .El
 .Sh PERFORMANCE
 Reloading the configuration is a relatively expensive operation.
Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.9 src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.10
--- src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.9 Mon Nov 26 17:39:29 2012
+++ src/usr.sbin/npf/npfctl/npfctl.c Sun Dec 16 19:41:37 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.c,v 1.10.2.9 2012/11/26 17:39:29 riz Exp $ */
+/* $NetBSD: npfctl.c,v 1.10.2.10 2012/12/16 19:41:37 riz Exp $ */
 /*-
 * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
 */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.10.2.9 2012/11/26 17:39:29 riz Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.10.2.10 2012/12/16 19:41:37 riz Exp $");
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -57,6 +57,7 @@ enum {
 NPFCTL_RELOAD,
 NPFCTL_SHOWCONF,
 NPFCTL_FLUSH,
+ NPFCTL_VALIDATE,
 NPFCTL_TABLE,
 NPFCTL_STATS,
 NPFCTL_SESSIONS_SAVE,
@@ -73,6 +74,7 @@ static const struct operations_s {
 { "reload", NPFCTL_RELOAD },
 { "show", NPFCTL_SHOWCONF, },
 { "flush", NPFCTL_FLUSH },
+ { "valid", NPFCTL_VALIDATE },
 /* Table */
 { "table", NPFCTL_TABLE },
 /* Stats */
@@ -382,6 +384,11 @@ npfctl(int action, int argc, char **argv
 case NPFCTL_FLUSH:
 ret = npf_config_flush(fd);
 break;
+ case NPFCTL_VALIDATE:
+ npfctl_config_init(false);
+ npfctl_parsecfg(argc < 3 ? NPF_CONF_PATH : argv[2]);
+ ret = npfctl_config_show(0);
+ break;
 case NPFCTL_TABLE:
 if ((argc -= 2) < 2) {
 usage();
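Review bot: The new NPFCTL_VALIDATE case in npfctl() (npfctl.c, hunk at -382) never touches `fd`, yet the neighbouring NPFCTL_FLUSH case shows `fd` is already set up when the switch runs. The open itself is outside this hunk, so this is inferred: if the device is opened unconditionally before the switch, checking a configuration file would fail wherever the device is absent or the caller may not open it, and a syntax check would end up requiring the same privilege as loading rules. Consider skipping the open for this action, for example by guarding it with `if (action != NPFCTL_VALIDATE)`, so validation can run unprivileged. The case also deserves a one-line comment such as `/* Parse and print only; nothing is sent to the kernel. */`.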
@@ -433,7 +440,8 @@ main(int argc, char **argv)
 /* Find and call the subroutine. */
 for (int n = 0; operations[n].cmd != NULL; n++) {
- if (strcmp(cmd, operations[n].cmd) != 0)
+ const char *opcmd = operations[n].cmd;
+ if (strncmp(cmd, opcmd, strlen(opcmd)) != 0)
 continue;
 npfctl(operations[n].action, argc, argv);
 return EXIT_SUCCESS;
Index: src/usr.sbin/npf/npfctl/npfctl.h
diff -u src/usr.sbin/npf/npfctl/npfctl.h:1.11.2.10 src/usr.sbin/npf/npfctl/npfctl.h:1.11.2.11
--- src/usr.sbin/npf/npfctl/npfctl.h:1.11.2.10 Tue Dec 11 04:31:52 2012
+++ src/usr.sbin/npf/npfctl/npfctl.h Sun Dec 16 19:41:37 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.h,v 1.11.2.10 2012/12/11 04:31:52 riz Exp $ */
+/* $NetBSD: npfctl.h,v 1.11.2.11 2012/12/16 19:41:37 riz Exp $ */
 /*-
 * Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -178,6 +178,7 @@ int npfctl_ncode_disassemble(nc_inf_t *
 void npfctl_config_init(bool);
 int npfctl_config_send(int, const char *);
+nl_config_t * npfctl_config_ref(void);
 int npfctl_config_show(int);
 unsigned long npfctl_debug_addif(const char *);
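Review bot: The `strncmp(cmd, opcmd, strlen(opcmd))` test in main() (npfctl.c, hunk at -433) accepts any argument that merely begins with an operation name, so a mistyped word such as `flushx` would now run `flush` and call npf_config_flush() instead of being rejected. It also makes the result depend on table order whenever one command name is a prefix of another. The prefix match appears to exist only so that `validate`, the spelling documented in npfctl.8, reaches the `"valid"` table entry; keeping `if (strcmp(cmd, operations[n].cmd) != 0)` and registering the documented name with `{ "validate", NPFCTL_VALIDATE },` gives the same result without loosening every other command. The loop sits inside main(), which starts and ends outside the hunk.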