Module Name: src
Committed By: rmind
Date: Mon Dec 10 02:26:04 UTC 2012
Modified Files:
src/usr.sbin/npf/npfctl: npf_build.c npf_disassemble.c npfctl.8
npfctl.c npfctl.h
Log Message:
npfctl: add 'validate' command to check the config, but not load it. Update
the man page. Also add a small note about 'debug' command, PR/47298.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/usr.sbin/npf/npfctl/npf_build.c
cvs rdiff -u -r1.12 -r1.13 src/usr.sbin/npf/npfctl/npf_disassemble.c
cvs rdiff -u -r1.10 -r1.11 src/usr.sbin/npf/npfctl/npfctl.8
cvs rdiff -u -r1.24 -r1.25 src/usr.sbin/npf/npfctl/npfctl.c
cvs rdiff -u -r1.23 -r1.24 src/usr.sbin/npf/npfctl/npfctl.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npfctl/npf_build.c
diff -u src/usr.sbin/npf/npfctl/npf_build.c:1.15 src/usr.sbin/npf/npfctl/npf_build.c:1.16
--- src/usr.sbin/npf/npfctl/npf_build.c:1.15 Mon Nov 26 20:34:28 2012
+++ src/usr.sbin/npf/npfctl/npf_build.c Mon Dec 10 02:26:04 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_build.c,v 1.15 2012/11/26 20:34:28 rmind Exp $ */
+/* $NetBSD: npf_build.c,v 1.16 2012/12/10 02:26:04 rmind Exp $ */
/*-
* Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.15 2012/11/26 20:34:28 rmind Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.16 2012/12/10 02:26:04 rmind Exp $");
#include <sys/types.h>
#include <sys/ioctl.h>
@@ -85,6 +85,12 @@ npfctl_config_send(int fd, const char *o
return error;
}
+nl_config_t *
+npfctl_config_ref(void)
+{
+ return npf_conf;
+}
+
unsigned long
npfctl_debug_addif(const char *ifname)
{
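Review bot: npfctl_config_ref() returns the file's own `npf_conf` pointer with no comment on ownership, so a caller cannot tell that it is borrowing the object rather than receiving one it may free. I would add a comment above the function, for example `/* Return the config being built in this process; borrowed, the caller must not destroy it. */`. The pointer is presumably NULL until npfctl_config_init() has run, which the comment should state once confirmed. If the part of npfctl_config_show() past the end of its hunk destroys `ncf` after printing, the validate path would free this shared object, so that is worth checking.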
Index: src/usr.sbin/npf/npfctl/npf_disassemble.c
diff -u src/usr.sbin/npf/npfctl/npf_disassemble.c:1.12 src/usr.sbin/npf/npfctl/npf_disassemble.c:1.13
--- src/usr.sbin/npf/npfctl/npf_disassemble.c:1.12 Thu Nov 15 22:20:27 2012
+++ src/usr.sbin/npf/npfctl/npf_disassemble.c Mon Dec 10 02:26:04 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_disassemble.c,v 1.12 2012/11/15 22:20:27 rmind Exp $ */
+/* $NetBSD: npf_disassemble.c,v 1.13 2012/12/10 02:26:04 rmind Exp $ */
/*-
* Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
* FIXME: config generation should be redesigned..
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_disassemble.c,v 1.12 2012/11/15 22:20:27 rmind Exp $");
+__RCSID("$NetBSD: npf_disassemble.c,v 1.13 2012/12/10 02:26:04 rmind Exp $");
#include <stdio.h>
#include <stdlib.h>
@@ -702,13 +702,18 @@ npfctl_config_show(int fd)
bool active, loaded;
int error = 0;
- ncf = npf_config_retrieve(fd, &active, &loaded);
- if (ncf == NULL) {
- return errno;
- }
- printf("Filtering:\t%s\nConfiguration:\t%s\n\n",
- active ? "active" : "inactive",
- loaded ? "loaded" : "empty");
+ if (fd) {
+ ncf = npf_config_retrieve(fd, &active, &loaded);
+ if (ncf == NULL) {
+ return errno;
+ }
+ printf("Filtering:\t%s\nConfiguration:\t%s\n\n",
+ active ? "active" : "inactive",
+ loaded ? "loaded" : "empty");
+ } else {
+ ncf = npfctl_config_ref();
+ loaded = true;
+ }
if (loaded) {
_npf_table_foreach(ncf, npfctl_show_table);
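Review bot: `if (fd)` treats 0 as "no descriptor", but 0 is a valid descriptor: if npfctl is started with stdin closed, the device open can return 0 and `show` would take the else branch and print the in-process config instead of the kernel's. Using -1 as the sentinel removes the ambiguity, i.e. `if (fd != -1)` here and `ret = npfctl_config_show(-1);` at the validate call site in npfctl.c. The else branch also leaves `active` unset and does not check `ncf` for NULL before `_npf_table_foreach()`. The rest of the function is outside the hunk, so confirm neither is used unchecked further down.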
Index: src/usr.sbin/npf/npfctl/npfctl.8
diff -u src/usr.sbin/npf/npfctl/npfctl.8:1.10 src/usr.sbin/npf/npfctl/npfctl.8:1.11
--- src/usr.sbin/npf/npfctl/npfctl.8:1.10 Thu Nov 15 22:22:53 2012
+++ src/usr.sbin/npf/npfctl/npfctl.8 Mon Dec 10 02:26:04 2012
@@ -1,4 +1,4 @@
-.\" $NetBSD: npfctl.8,v 1.10 2012/11/15 22:22:53 rmind Exp $
+.\" $NetBSD: npfctl.8,v 1.11 2012/12/10 02:26:04 rmind Exp $
.\"
.\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 15, 2012
+.Dd December 10, 2012
.Dt NPFCTL 8
.Os
.Sh NAME
@@ -79,6 +79,12 @@ Show the current state and configuration
Syntax of printed configuration is for the user and may not match the
.Xr npf.conf 5
syntax.
+.It Ic validate Op Ar path
+Validate the configuration file and the processed form.
+The configuration file at
+.Pa /etc/npf.conf
+will be used unless a file is specified by
+.Ar path .
.It Ic table Ar tid Ic add Aq Ar addr/mask
In table
.Ar tid ,
@@ -117,6 +123,10 @@ Any existing sessions during the load op
Administrator may want to start packet inspection after the session loading.
.It Ic stats
Print various statistics.
+.It Ic debug
+Process the configuration file, print the n-code of each rule
+and dump the raw configuration.
+This is primarily for developer use.
.El
.Sh PERFORMANCE
Reloading the configuration is a relatively expensive operation.
Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.24 src/usr.sbin/npf/npfctl/npfctl.c:1.25
--- src/usr.sbin/npf/npfctl/npfctl.c:1.24 Thu Nov 15 22:20:27 2012
+++ src/usr.sbin/npf/npfctl/npfctl.c Mon Dec 10 02:26:04 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.c,v 1.24 2012/11/15 22:20:27 rmind Exp $ */
+/* $NetBSD: npfctl.c,v 1.25 2012/12/10 02:26:04 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.24 2012/11/15 22:20:27 rmind Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.25 2012/12/10 02:26:04 rmind Exp $");
#include <sys/ioctl.h>
#include <sys/stat.h>
@@ -57,6 +57,7 @@ enum {
NPFCTL_RELOAD,
NPFCTL_SHOWCONF,
NPFCTL_FLUSH,
+ NPFCTL_VALIDATE,
NPFCTL_TABLE,
NPFCTL_STATS,
NPFCTL_SESSIONS_SAVE,
@@ -73,6 +74,7 @@ static const struct operations_s {
{ "reload", NPFCTL_RELOAD },
{ "show", NPFCTL_SHOWCONF, },
{ "flush", NPFCTL_FLUSH },
+ { "valid", NPFCTL_VALIDATE },
/* Table */
{ "table", NPFCTL_TABLE },
/* Stats */
@@ -382,6 +384,11 @@ npfctl(int action, int argc, char **argv
case NPFCTL_FLUSH:
ret = npf_config_flush(fd);
break;
+ case NPFCTL_VALIDATE:
+ npfctl_config_init(false);
+ npfctl_parsecfg(argc < 3 ? NPF_CONF_PATH : argv[2]);
+ ret = npfctl_config_show(0);
+ break;
case NPFCTL_TABLE:
if ((argc -= 2) < 2) {
usage();
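Review bot: The validate case sits in the same switch as operations that use `fd`, so if npfctl() opens the NPF device before the switch (the start of the function is outside this hunk), checking a config file would need device access and would fail for an unprivileged user or on a host without NPF loaded. A check that never touches the kernel is best runnable with no privilege at all; consider skipping the open for this action or dispatching it before the device is opened. The return of `npfctl_parsecfg()` is not consulted, so the case presumably relies on it exiting on a parse error; a comment such as `/* npfctl_parsecfg() exits on error; reaching show means the file parsed. */` would make that explicit once confirmed.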
@@ -433,7 +440,8 @@ main(int argc, char **argv)
/* Find and call the subroutine. */
for (int n = 0; operations[n].cmd != NULL; n++) {
- if (strcmp(cmd, operations[n].cmd) != 0)
+ const char *opcmd = operations[n].cmd;
+ if (strncmp(cmd, opcmd, strlen(opcmd)) != 0)
continue;
npfctl(operations[n].action, argc, argv);
return EXIT_SUCCESS;
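Review bot: Switching to `strncmp(cmd, opcmd, strlen(opcmd))` makes every command match on prefix, so any argument that merely starts with an operation name is executed: `flushx` or `reload-old` would run flush or reload instead of reaching usage(). For a tool that changes firewall state, a mistyped command should fail closed. Prefix matching also makes the result depend on table order whenever one operation name is a prefix of another. If the goal is only to accept both `valid` and the `validate` spelling documented in npfctl.8, keep `if (strcmp(cmd, operations[n].cmd) != 0)` and add a second entry, `{ "validate", NPFCTL_VALIDATE },`, next to the `"valid"` one added in the operations-table hunk.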
Index: src/usr.sbin/npf/npfctl/npfctl.h
diff -u src/usr.sbin/npf/npfctl/npfctl.h:1.23 src/usr.sbin/npf/npfctl/npfctl.h:1.24
--- src/usr.sbin/npf/npfctl/npfctl.h:1.23 Mon Nov 26 20:34:28 2012
+++ src/usr.sbin/npf/npfctl/npfctl.h Mon Dec 10 02:26:04 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: npfctl.h,v 1.23 2012/11/26 20:34:28 rmind Exp $ */
+/* $NetBSD: npfctl.h,v 1.24 2012/12/10 02:26:04 rmind Exp $ */
/*-
* Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
@@ -177,6 +177,7 @@ int npfctl_ncode_disassemble(nc_inf_t *
void npfctl_config_init(bool);
int npfctl_config_send(int, const char *);
+nl_config_t * npfctl_config_ref(void);
int npfctl_config_show(int);
unsigned long npfctl_debug_addif(const char *);