npfctl

Martin Husemann Mon, 29 Dec 2014 09:32:30 -0800

Module Name:    src
Committed By:   martin
Date:           Mon Dec 29 17:31:47 UTC 2014


Modified Files:
        src/usr.sbin/npf/npfctl [netbsd-7]: npf.conf.5 npf_parse.y npf_scan.l
            npfctl.c npfctl.h

Log Message:
Pull up following revision(s) (requested by rmind in ticket #359):
        usr.sbin/npf/npfctl/npf_scan.l: revision 1.22
        usr.sbin/npf/npfctl/npf.conf.5: revision 1.43
        usr.sbin/npf/npfctl/npfctl.c: revision 1.44
        usr.sbin/npf/npfctl/npf_parse.y: revision 1.36
        usr.sbin/npf/npfctl/npfctl.c: revision 1.45
        usr.sbin/npf/npfctl/npfctl.h: revision 1.39
npfctl(8): attempt to preload bpfjit kernel module and print the
warning on failure.
allow turning off the bpf jit loading.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.42.2.1 src/usr.sbin/npf/npfctl/npf.conf.5
cvs rdiff -u -r1.35 -r1.35.4.1 src/usr.sbin/npf/npfctl/npf_parse.y
cvs rdiff -u -r1.21 -r1.21.2.1 src/usr.sbin/npf/npfctl/npf_scan.l
cvs rdiff -u -r1.42.2.1 -r1.42.2.2 src/usr.sbin/npf/npfctl/npfctl.c
cvs rdiff -u -r1.38 -r1.38.2.1 src/usr.sbin/npf/npfctl/npfctl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/npf/npfctl/npf.conf.5
diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.42 src/usr.sbin/npf/npfctl/npf.conf.5:1.42.2.1
--- src/usr.sbin/npf/npfctl/npf.conf.5:1.42	Sun Aug  3 00:02:56 2014
+++ src/usr.sbin/npf/npfctl/npf.conf.5	Mon Dec 29 17:31:47 2014
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.42 2014/08/03 00:02:56 rmind Exp $
+.\"    $NetBSD: npf.conf.5,v 1.42.2.1 2014/12/29 17:31:47 martin Exp $
 .\"
 .\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 2, 2014
+.Dd December 26, 2014
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -240,6 +240,9 @@ var-name	= "$" . string
 interface	= interface-name | var-name
 var-def		= var "=" ( var-value | "{" value *[ "," value ] "}" )
 
+; Parameter setting
+set-statement	= "set" parameter value
+
 ; Table definition.  Table ID shall be numeric.  Path is in the double quotes.
 
 table-id	= \*[Lt]table-name\*[Gt]

Index: src/usr.sbin/npf/npfctl/npf_parse.y
diff -u src/usr.sbin/npf/npfctl/npf_parse.y:1.35 src/usr.sbin/npf/npfctl/npf_parse.y:1.35.4.1
--- src/usr.sbin/npf/npfctl/npf_parse.y:1.35	Sat Mar 15 15:22:37 2014
+++ src/usr.sbin/npf/npfctl/npf_parse.y	Mon Dec 29 17:31:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_parse.y,v 1.35 2014/03/15 15:22:37 riastradh Exp $	*/
+/*	$NetBSD: npf_parse.y,v 1.35.4.1 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@@ -92,6 +92,7 @@ yyerror(const char *fmt, ...)
 %token			ARROWLEFT
 %token			ARROWRIGHT
 %token			BLOCK
+%token			BPFJIT
 %token			CDB
 %token			CURLY_CLOSE
 %token			CURLY_OPEN
@@ -118,6 +119,7 @@ yyerror(const char *fmt, ...)
 %token			NAME
 %token			NPT66
 %token			ON
+%token			OFF
 %token			OUT
 %token			PAR_CLOSE
 %token			PAR_OPEN
@@ -134,6 +136,7 @@ yyerror(const char *fmt, ...)
 %token			RETURNRST
 %token			RULESET
 %token			SEPLINE
+%token			SET
 %token			SLASH
 %token			STATEFUL
 %token			STATEFUL_ENDS
@@ -169,9 +172,11 @@ yyerror(const char *fmt, ...)
 %type	<filtopts>	filt_opts, all_or_filt_opts
 %type	<optproto>	opt_proto
 %type	<rulegroup>	group_opts
+%type	<tf>		onoff
 
 %union {
 	char *		str;
+	bool		tf;
 	unsigned long	num;
 	double		fpnum;
 	npfvar_t *	var;
@@ -200,6 +205,7 @@ line
 	| group
 	| rproc
 	| alg
+	| set
 	|
 	;
 
@@ -210,6 +216,21 @@ alg
 	}
 	;
 
+onoff
+	: ON {
+		$$ = true;
+	}
+	| OFF {
+		$$ = false;
+	}
+	;
+
+set
+	: SET BPFJIT onoff {
+		npfctl_bpfjit($3);
+	}
+	;
+
 /*
  * A value - an element or a list of elements.
  * Can be assigned to a variable or used inline.

Index: src/usr.sbin/npf/npfctl/npf_scan.l
diff -u src/usr.sbin/npf/npfctl/npf_scan.l:1.21 src/usr.sbin/npf/npfctl/npf_scan.l:1.21.2.1
--- src/usr.sbin/npf/npfctl/npf_scan.l:1.21	Sat May 31 22:37:05 2014
+++ src/usr.sbin/npf/npfctl/npf_scan.l	Mon Dec 29 17:31:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_scan.l,v 1.21 2014/05/31 22:37:05 rmind Exp $	*/
+/*	$NetBSD: npf_scan.l,v 1.21.2.1 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -97,6 +97,7 @@ static			return TSTATIC;
 dynamic			return TDYNAMIC;
 file			return TFILE;
 map			return MAP;
+set			return SET;
 "<->"			return ARROWBOTH;
 "<-"			return ARROWLEFT;
 "->"			return ARROWRIGHT;
@@ -124,6 +125,8 @@ apply			return APPLY;
 final			return FINAL;
 quick			return FINAL;
 on			return ON;
+off			return OFF;
+bpf.jit			return BPFJIT;
 inet6			return INET6;
 inet4			return INET4;
 proto			return PROTO;

Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.42.2.1 src/usr.sbin/npf/npfctl/npfctl.c:1.42.2.2
--- src/usr.sbin/npf/npfctl/npfctl.c:1.42.2.1	Fri Aug 29 11:14:14 2014
+++ src/usr.sbin/npf/npfctl/npfctl.c	Mon Dec 29 17:31:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.c,v 1.42.2.1 2014/08/29 11:14:14 martin Exp $	*/
+/*	$NetBSD: npfctl.c,v 1.42.2.2 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -30,11 +30,12 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.42.2.1 2014/08/29 11:14:14 martin Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.42.2.2 2014/12/29 17:31:47 martin Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/module.h>
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -480,6 +481,38 @@ npfctl_rule(int fd, int argc, char **arg
 	exit(EXIT_SUCCESS);
 }
 
+static bool bpfjit = true;
+
+void
+npfctl_bpfjit(bool onoff)
+{
+	bpfjit = onoff;
+}
+
+static void
+npfctl_preload_bpfjit(void)
+{
+	modctl_load_t args = {
+		.ml_filename = "bpfjit",
+		.ml_flags = MODCTL_NO_PROP,
+		.ml_props = NULL,
+		.ml_propslen = 0
+	};
+
+	if (!bpfjit)
+		return;
+
+	if (modctl(MODCTL_LOAD, &args) != 0 && errno != EEXIST) {
+		static const char *p = "; performance will be degraded";
+		if (errno == ENOENT)
+			warnx("the bpfjit module seems to be missing%s", p);
+		else
+			warn("error loading the bpfjit module%s", p);
+		warnx("To disable this warning `set bpf.jit off' in "
+		    "/etc/npf.conf");
+	}
+}
+
 static int
 npfctl_save(int fd)
 {
@@ -547,6 +580,7 @@ npfctl(int action, int argc, char **argv
 		fun = "ioctl(IOC_NPF_SWITCH)";
 		break;
 	case NPFCTL_RELOAD:
+		npfctl_preload_bpfjit();
 		npfctl_config_init(false);
 		npfctl_parse_file(argc < 3 ? NPF_CONF_PATH : argv[2]);
 		errno = ret = npfctl_config_send(fd, NULL);
@@ -581,6 +615,7 @@ npfctl(int action, int argc, char **argv
 		npfctl_rule(fd, argc, argv);
 		break;
 	case NPFCTL_LOAD:
+		npfctl_preload_bpfjit();
 		ret = npfctl_load(fd);
 		fun = "npfctl_config_load";
 		break;

Index: src/usr.sbin/npf/npfctl/npfctl.h
diff -u src/usr.sbin/npf/npfctl/npfctl.h:1.38 src/usr.sbin/npf/npfctl/npfctl.h:1.38.2.1
--- src/usr.sbin/npf/npfctl/npfctl.h:1.38	Wed Jul 23 01:25:34 2014
+++ src/usr.sbin/npf/npfctl/npfctl.h	Mon Dec 29 17:31:47 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.h,v 1.38 2014/07/23 01:25:34 rmind Exp $	*/
+/*	$NetBSD: npfctl.h,v 1.38.2.1 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -106,6 +106,7 @@ enum { NPFCTL_PARSE_FILE, NPFCTL_PARSE_S
 
 bool		join(char *, size_t, int, char **, const char *);
 void		yyerror(const char *, ...) __printflike(1, 2) __dead;
+void		npfctl_bpfjit(bool);
 void		npfctl_parse_file(const char *);
 void		npfctl_parse_string(const char *);

CVS commit: [netbsd-7] src/usr.sbin/npf/npfctl

Reply via email to