Module Name:    src
Committed By:   riz
Date:           Mon Feb 18 18:26:15 UTC 2013

Modified Files:
        src/lib/libnpf [netbsd-6]: npf.c npf.h
        src/sys/net/npf [netbsd-6]: npf_ctl.c npf_impl.h npf_ruleset.c
        src/usr.sbin/npf/npfctl [netbsd-6]: npf_build.c npf_disassemble.c
            npfctl.8 npfctl.c npfctl.h
        src/usr.sbin/npf/npftest/libnpftest [netbsd-6]: npf_rule_test.c

Log Message:
Pull up following revision(s) (requested by rmind in ticket #829):
        usr.sbin/npf/npfctl/npfctl.8: revision 1.13
        usr.sbin/npf/npfctl/npf_build.c: revision 1.21
        lib/libnpf/npf.c: revision 1.18
        sys/net/npf/npf_ctl.c: revision 1.23
        usr.sbin/npf/npfctl/npfctl.h: revision 1.27
        lib/libnpf/npf.h: revision 1.15
        sys/net/npf/npf_ruleset.c: revision 1.19
        sys/net/npf/npf_impl.h: revision 1.28
        usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.17
        usr.sbin/npf/npfctl/npfctl.c: revision 1.31
        usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.6
- Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs.  Also, update the man page.


To generate a diff of this commit:
cvs rdiff -u -r1.7.2.9 -r1.7.2.10 src/lib/libnpf/npf.c
cvs rdiff -u -r1.6.2.7 -r1.6.2.8 src/lib/libnpf/npf.h
cvs rdiff -u -r1.12.2.8 -r1.12.2.9 src/sys/net/npf/npf_ctl.c
cvs rdiff -u -r1.10.2.13 -r1.10.2.14 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.10.2.6 -r1.10.2.7 src/sys/net/npf/npf_ruleset.c
cvs rdiff -u -r1.4.2.11 -r1.4.2.12 src/usr.sbin/npf/npfctl/npf_build.c
cvs rdiff -u -r1.3.2.11 -r1.3.2.12 src/usr.sbin/npf/npfctl/npf_disassemble.c
cvs rdiff -u -r1.6.6.5 -r1.6.6.6 src/usr.sbin/npf/npfctl/npfctl.8
cvs rdiff -u -r1.10.2.14 -r1.10.2.15 src/usr.sbin/npf/npfctl/npfctl.c
cvs rdiff -u -r1.11.2.12 -r1.11.2.13 src/usr.sbin/npf/npfctl/npfctl.h
cvs rdiff -u -r1.1.2.5 -r1.1.2.6 \
    src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libnpf/npf.c
diff -u src/lib/libnpf/npf.c:1.7.2.9 src/lib/libnpf/npf.c:1.7.2.10
--- src/lib/libnpf/npf.c:1.7.2.9	Mon Feb 11 21:49:48 2013
+++ src/lib/libnpf/npf.c	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf.c,v 1.7.2.9 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npf.c,v 1.7.2.10 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2010-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.7.2.9 2013/02/11 21:49:48 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf.c,v 1.7.2.10 2013/02/18 18:26:14 riz Exp $");
 
 #include <sys/types.h>
 #include <netinet/in_systm.h>
@@ -263,25 +263,23 @@ _npf_prop_array_lookup(prop_array_t arra
  */
 
 int
-npf_ruleset_add(int fd, const char *rname, nl_rule_t *rl, uintptr_t *id)
+npf_ruleset_add(int fd, const char *rname, nl_rule_t *rl, uint64_t *id)
 {
 	prop_dictionary_t rldict = rl->nrl_dict;
 	prop_dictionary_t ret;
-	uint64_t id64;
 	int error;
 
 	prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
 	prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_ADD);
 	error = prop_dictionary_sendrecv_ioctl(rldict, fd, IOC_NPF_RULE, &ret);
 	if (!error) {
-		prop_dictionary_get_uint64(ret, "id", &id64);
-		*id = (uintptr_t)id64;
+		prop_dictionary_get_uint64(ret, "id", id);
 	}
 	return error;
 }
 
 int
-npf_ruleset_remove(int fd, const char *rname, uintptr_t id)
+npf_ruleset_remove(int fd, const char *rname, uint64_t id)
 {
 	prop_dictionary_t rldict;
 
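Review bot: The result of `prop_dictionary_get_uint64(ret, "id", id)` in npf_ruleset_add() is ignored, so a reply that carries no "id" entry still returns 0 and leaves `*id` untouched. The caller npfctl_rule() in npfctl.c declares `uint64_t rule_id;` without an initializer and prints it after a successful add, so the operator could be handed an indeterminate value as the handle for later removing a firewall rule. `ret` is also never released in the lines shown. Something like `if (!prop_dictionary_get_uint64(ret, "id", id)) error = EINVAL;` followed by `prop_object_release(ret);` would cover both. The kernel side in npf_ctl.c likewise ignores the result of `prop_dictionary_set_uint64(retdict, "id", id)`.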
@@ -291,8 +289,7 @@ npf_ruleset_remove(int fd, const char *r
 	}
 	prop_dictionary_set_cstring(rldict, "ruleset-name", rname);
 	prop_dictionary_set_uint32(rldict, "command", NPF_CMD_RULE_REMOVE);
-	__CTASSERT(sizeof(uintptr_t) <= sizeof(uint64_t));
-	prop_dictionary_set_uint64(rldict, "id", (uint64_t)id);
+	prop_dictionary_set_uint64(rldict, "id", id);
 	return prop_dictionary_send_ioctl(rldict, fd, IOC_NPF_RULE);
 }
 

Index: src/lib/libnpf/npf.h
diff -u src/lib/libnpf/npf.h:1.6.2.7 src/lib/libnpf/npf.h:1.6.2.8
--- src/lib/libnpf/npf.h:1.6.2.7	Mon Feb 11 21:49:48 2013
+++ src/lib/libnpf/npf.h	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf.h,v 1.6.2.7 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npf.h,v 1.6.2.8 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -79,8 +79,8 @@ void		npf_config_destroy(nl_config_t *);
 nl_config_t *	npf_config_retrieve(int, bool *, bool *);
 int		npf_config_flush(int);
 
-int		npf_ruleset_add(int, const char *, nl_rule_t *, uintptr_t *);
-int		npf_ruleset_remove(int, const char *, uintptr_t);
+int		npf_ruleset_add(int, const char *, nl_rule_t *, uint64_t *);
+int		npf_ruleset_remove(int, const char *, uint64_t);
 int		npf_ruleset_remkey(int, const char *, const void *, size_t);
 int		npf_ruleset_flush(int, const char *);
 

Index: src/sys/net/npf/npf_ctl.c
diff -u src/sys/net/npf/npf_ctl.c:1.12.2.8 src/sys/net/npf/npf_ctl.c:1.12.2.9
--- src/sys/net/npf/npf_ctl.c:1.12.2.8	Mon Feb 11 21:49:48 2013
+++ src/sys/net/npf/npf_ctl.c	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_ctl.c,v 1.12.2.8 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npf_ctl.c,v 1.12.2.9 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.12.2.8 2013/02/11 21:49:48 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ctl.c,v 1.12.2.9 2013/02/18 18:26:14 riz Exp $");
 
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -558,8 +558,6 @@ npfctl_rule(u_long cmd, void *data)
 			return EINVAL;
 		}
 		retdict = prop_dictionary_create();
-		prop_dictionary_set_uint64(retdict, "id",
-		    (uint64_t)(uintptr_t)rl);
 	}
 
 	npf_config_enter();
@@ -569,19 +567,20 @@ npfctl_rule(u_long cmd, void *data)
 	case NPF_CMD_RULE_ADD: {
 		if ((error = npf_ruleset_add(rlset, ruleset_name, rl)) == 0) {
 			/* Success. */
+			uint64_t id = npf_rule_getid(rl);
+			prop_dictionary_set_uint64(retdict, "id", id);
 			rl = NULL;
 		}
 		break;
 	}
 	case NPF_CMD_RULE_REMOVE: {
-		uint64_t id64;
+		uint64_t id;
 
-		CTASSERT(sizeof(uintptr_t) <= sizeof(uint64_t));
-		if (!prop_dictionary_get_uint64(npf_rule, "id", &id64)) {
+		if (!prop_dictionary_get_uint64(npf_rule, "id", &id)) {
 			error = EINVAL;
 			break;
 		}
-		error = npf_ruleset_remove(rlset, ruleset_name, (uintptr_t)id64);
+		error = npf_ruleset_remove(rlset, ruleset_name, id);
 		break;
 	}
 	case NPF_CMD_RULE_REMKEY: {

Index: src/sys/net/npf/npf_impl.h
diff -u src/sys/net/npf/npf_impl.h:1.10.2.13 src/sys/net/npf/npf_impl.h:1.10.2.14
--- src/sys/net/npf/npf_impl.h:1.10.2.13	Mon Feb 11 21:49:49 2013
+++ src/sys/net/npf/npf_impl.h	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_impl.h,v 1.10.2.13 2013/02/11 21:49:49 riz Exp $	*/
+/*	$NetBSD: npf_impl.h,v 1.10.2.14 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -232,7 +232,7 @@ npf_rule_t *	npf_ruleset_sharepm(npf_rul
 void		npf_ruleset_freealg(npf_ruleset_t *, npf_alg_t *);
 
 int		npf_ruleset_add(npf_ruleset_t *, const char *, npf_rule_t *);
-int		npf_ruleset_remove(npf_ruleset_t *, const char *, uintptr_t);
+int		npf_ruleset_remove(npf_ruleset_t *, const char *, uint64_t);
 int		npf_ruleset_remkey(npf_ruleset_t *, const char *,
 		    const void *, size_t);
 prop_dictionary_t npf_ruleset_list(npf_ruleset_t *, const char *);
@@ -248,6 +248,7 @@ npf_rule_t *	npf_rule_alloc(prop_diction
 void		npf_rule_setcode(npf_rule_t *, int, void *, size_t);
 void		npf_rule_setrproc(npf_rule_t *, npf_rproc_t *);
 void		npf_rule_free(npf_rule_t *);
+uint64_t	npf_rule_getid(const npf_rule_t *);
 npf_natpolicy_t *npf_rule_getnat(const npf_rule_t *);
 void		npf_rule_setnat(npf_rule_t *, npf_natpolicy_t *);
 npf_rproc_t *	npf_rule_getrproc(npf_rule_t *);

Index: src/sys/net/npf/npf_ruleset.c
diff -u src/sys/net/npf/npf_ruleset.c:1.10.2.6 src/sys/net/npf/npf_ruleset.c:1.10.2.7
--- src/sys/net/npf/npf_ruleset.c:1.10.2.6	Mon Feb 11 21:49:48 2013
+++ src/sys/net/npf/npf_ruleset.c	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_ruleset.c,v 1.10.2.6 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npf_ruleset.c,v 1.10.2.7 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.10.2.6 2013/02/11 21:49:48 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_ruleset.c,v 1.10.2.7 2013/02/18 18:26:14 riz Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -61,6 +61,9 @@ struct npf_ruleset {
 	LIST_HEAD(, npf_rule)	rs_dynamic;
 	LIST_HEAD(, npf_rule)	rs_gc;
 
+	/* Unique ID counter. */
+	uint64_t		rs_idcnt;
+
 	/* Number of array slots and active rules. */
 	u_int			rs_slots;
 	u_int			rs_nitems;
@@ -100,7 +103,8 @@ struct npf_rule {
 		npf_rule_t *		r_parent;
 	} /* C11 */;
 
-	/* Dictionary. */
+	/* Rule ID and the original dictionary. */
+	uint64_t		r_id;
 	prop_dictionary_t	r_dict;
 
 	/* Rule name and all-list entry. */
@@ -114,6 +118,9 @@ struct npf_rule {
 #define	NPF_DYNAMIC_GROUP_P(attr) \
     (((attr) & NPF_DYNAMIC_GROUP) == NPF_DYNAMIC_GROUP)
 
+#define	NPF_DYNAMIC_RULE_P(attr) \
+    (((attr) & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC)
+
 npf_ruleset_t *
 npf_ruleset_create(size_t slots)
 {
@@ -121,9 +128,11 @@ npf_ruleset_create(size_t slots)
 	npf_ruleset_t *rlset;
 
 	rlset = kmem_zalloc(len, KM_SLEEP);
-	rlset->rs_slots = slots;
 	LIST_INIT(&rlset->rs_dynamic);
 	LIST_INIT(&rlset->rs_all);
+	LIST_INIT(&rlset->rs_gc);
+	rlset->rs_slots = slots;
+
 	return rlset;
 }
 
@@ -133,7 +142,7 @@ npf_ruleset_unlink(npf_ruleset_t *rlset,
 	if (NPF_DYNAMIC_GROUP_P(rl->r_attr)) {
 		LIST_REMOVE(rl, r_dentry);
 	}
-	if ((rl->r_attr & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC) {
+	if (NPF_DYNAMIC_RULE_P(rl->r_attr)) {
 		npf_rule_t *rg = rl->r_parent;
 		TAILQ_REMOVE(&rg->r_subset, rl, r_entry);
 	}
@@ -201,11 +210,14 @@ npf_ruleset_add(npf_ruleset_t *rlset, co
 
 	rg = npf_ruleset_lookup(rlset, rname);
 	if (rg == NULL) {
-		return ENOENT;
+		return ESRCH;
+	}
+	if (!NPF_DYNAMIC_RULE_P(rl->r_attr)) {
+		return EINVAL;
 	}
 
-	/* Dynamic rule. */
-	rl->r_attr |= NPF_RULE_DYNAMIC;
+	/* Dynamic rule - assign a unique ID and save the parent. */
+	rl->r_id = ++rlset->rs_idcnt;
 	rl->r_parent = rg;
 
 	/*
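Review bot: `rl->r_id = ++rlset->rs_idcnt;` never issues 0, but nothing records that as an invariant, even though the userland parser yields 0 for unparsable input. A comment such as `/* IDs start at 1; 0 is never issued. */` next to the assignment (or on `rs_idcnt`) would keep a later change from breaking it. The plain increment also relies on the caller holding the configuration lock, which npfctl_rule() takes via npf_config_enter(). Unless one already sits above this hunk, a `KASSERT(npf_config_locked_p());` like the one in npf_ruleset_reload() would make that requirement explicit. The body of npf_ruleset_add() starts and ends outside the hunk.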
@@ -248,22 +260,22 @@ npf_ruleset_add(npf_ruleset_t *rlset, co
 }
 
 int
-npf_ruleset_remove(npf_ruleset_t *rlset, const char *rname, uintptr_t id)
+npf_ruleset_remove(npf_ruleset_t *rlset, const char *rname, uint64_t id)
 {
 	npf_rule_t *rg, *rl;
 
 	if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
-		return ENOENT;
+		return ESRCH;
 	}
 	TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
 		/* Compare ID.  On match, remove and return. */
-		if ((uintptr_t)rl == id) {
+		if (rl->r_id == id) {
 			npf_ruleset_unlink(rlset, rl);
 			LIST_INSERT_HEAD(&rlset->rs_gc, rl, r_aentry);
-			break;
+			return 0;
 		}
 	}
-	return 0;
+	return ENOENT;
 }
 
 int
@@ -275,7 +287,7 @@ npf_ruleset_remkey(npf_ruleset_t *rlset,
 	KASSERT(len && len <= NPF_RULE_MAXKEYLEN);
 
 	if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
-		return ENOENT;
+		return ESRCH;
 	}
 
 	/* Find the last in the list. */
@@ -284,10 +296,10 @@ npf_ruleset_remkey(npf_ruleset_t *rlset,
 		if (memcmp(rl->r_key, key, len) == 0) {
 			npf_ruleset_unlink(rlset, rl);
 			LIST_INSERT_HEAD(&rlset->rs_gc, rl, r_aentry);
-			break;
+			return 0;
 		}
 	}
-	return 0;
+	return ENOENT;
 }
 
 prop_dictionary_t
@@ -311,9 +323,11 @@ npf_ruleset_list(npf_ruleset_t *rlset, c
 	TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
 		if (rl->r_dict && !prop_array_add(rules, rl->r_dict)) {
 			prop_object_release(rldict);
+			prop_object_release(rules);
 			return NULL;
 		}
 	}
+
 	if (!prop_dictionary_set(rldict, "rules", rules)) {
 		prop_object_release(rldict);
 		rldict = NULL;
@@ -328,7 +342,7 @@ npf_ruleset_flush(npf_ruleset_t *rlset, 
 	npf_rule_t *rg, *rl;
 
 	if ((rg = npf_ruleset_lookup(rlset, rname)) == NULL) {
-		return ENOENT;
+		return ESRCH;
 	}
 	while ((rl = TAILQ_FIRST(&rg->r_subset)) != NULL) {
 		npf_ruleset_unlink(rlset, rl);
@@ -356,29 +370,34 @@ npf_ruleset_gc(npf_ruleset_t *rlset)
 void
 npf_ruleset_reload(npf_ruleset_t *rlset, npf_ruleset_t *arlset)
 {
-	npf_rule_t *rl;
+	npf_rule_t *rg;
 
 	KASSERT(npf_config_locked_p());
 
-	LIST_FOREACH(rl, &rlset->rs_dynamic, r_dentry) {
-		npf_rule_t *arl, *it;
+	LIST_FOREACH(rg, &rlset->rs_dynamic, r_dentry) {
+		npf_rule_t *arg, *rl;
 
-		if ((arl = npf_ruleset_lookup(arlset, rl->r_name)) == NULL) {
+		if ((arg = npf_ruleset_lookup(arlset, rg->r_name)) == NULL) {
 			continue;
 		}
 
 		/*
 		 * Copy the list-head structure and move the rules from the
 		 * old ruleset to the new by reinserting to a new all-rules
-		 * list.  Note that the rules are still active and therefore
-		 * accessible for inspection via the old ruleset.
+		 * list and resetting the parent rule.  Note that the rules
+		 * are still active and therefore accessible for inspection
+		 * via the old ruleset.
 		 */
-		memcpy(&rl->r_subset, &arl->r_subset, sizeof(rl->r_subset));
-		TAILQ_FOREACH(it, &rl->r_subset, r_entry) {
+		memcpy(&rg->r_subset, &arg->r_subset, sizeof(rg->r_subset));
+		TAILQ_FOREACH(rl, &rg->r_subset, r_entry) {
 			LIST_REMOVE(rl, r_aentry);
 			LIST_INSERT_HEAD(&rlset->rs_all, rl, r_aentry);
+			rl->r_parent = rg;
 		}
 	}
+
+	/* Inherit the ID counter. */
+	rlset->rs_idcnt = arlset->rs_idcnt;
 }
 
 /*
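Review bot: The `memcpy(&rg->r_subset, &arg->r_subset, sizeof(rg->r_subset))` kept in npf_ruleset_reload() copies a TAILQ head by value, and with the usual <sys/queue.h> layout that leaves back-pointers aimed at the old group: an empty list's `tqh_last` and the first rule's `r_entry.tqe_prev` still reference `arg->r_subset`. A later insert into an empty group, or removal of the first rule, would then write through the old head, which becomes a use-after-free if the old ruleset is destroyed after the reload (its lifetime is not visible in this hunk). The empty case can be repaired right after the copy with `if (TAILQ_EMPTY(&rg->r_subset)) TAILQ_INIT(&rg->r_subset);`. The block comment should also state at which point the first element's back-pointer is re-aimed at `rg`, since the new loop only resets `r_parent`.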
@@ -506,7 +525,7 @@ npf_rule_alloc(prop_dictionary_t rldict)
 		memcpy(rl->r_key, key, len);
 	}
 
-	if ((rl->r_attr & NPF_DYNAMIC_GROUP) == NPF_RULE_DYNAMIC) {
+	if (NPF_DYNAMIC_RULE_P(rl->r_attr)) {
 		rl->r_dict = prop_dictionary_copy(rldict);
 	}
 
@@ -565,10 +584,18 @@ npf_rule_free(npf_rule_t *rl)
 }
 
 /*
+ * npf_rule_getid: return the unique ID of a rule.
  * npf_rule_getrproc: acquire a reference and return rule procedure, if any.
  * npf_rule_getnat: get NAT policy assigned to the rule.
  */
 
+uint64_t
+npf_rule_getid(const npf_rule_t *rl)
+{
+	KASSERT(NPF_DYNAMIC_RULE_P(rl->r_attr));
+	return rl->r_id;
+}
+
 npf_rproc_t *
 npf_rule_getrproc(npf_rule_t *rl)
 {

Index: src/usr.sbin/npf/npfctl/npf_build.c
diff -u src/usr.sbin/npf/npfctl/npf_build.c:1.4.2.11 src/usr.sbin/npf/npfctl/npf_build.c:1.4.2.12
--- src/usr.sbin/npf/npfctl/npf_build.c:1.4.2.11	Mon Feb 11 21:49:48 2013
+++ src/usr.sbin/npf/npfctl/npf_build.c	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_build.c,v 1.4.2.11 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npf_build.c,v 1.4.2.12 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2011-2013 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_build.c,v 1.4.2.11 2013/02/11 21:49:48 riz Exp $");
+__RCSID("$NetBSD: npf_build.c,v 1.4.2.12 2013/02/18 18:26:14 riz Exp $");
 
 #include <sys/types.h>
 #include <sys/ioctl.h>
@@ -501,12 +501,13 @@ npfctl_build_group_end(void)
  * if any, and insert into the ruleset of current group, or set the rule.
  */
 void
-npfctl_build_rule(int attr, u_int if_idx, sa_family_t family,
+npfctl_build_rule(uint32_t attr, u_int if_idx, sa_family_t family,
     const opt_proto_t *op, const filt_opts_t *fopts, const char *rproc)
 {
 	nl_rule_t *rl;
 
 	attr |= (npf_conf ? 0 : NPF_RULE_DYNAMIC);
+
 	rl = npf_rule_create(NULL, attr, if_idx);
 	npfctl_build_ncode(rl, family, op, fopts, false);
 	if (rproc) {

Index: src/usr.sbin/npf/npfctl/npf_disassemble.c
diff -u src/usr.sbin/npf/npfctl/npf_disassemble.c:1.3.2.11 src/usr.sbin/npf/npfctl/npf_disassemble.c:1.3.2.12
--- src/usr.sbin/npf/npfctl/npf_disassemble.c:1.3.2.11	Mon Feb 11 21:49:48 2013
+++ src/usr.sbin/npf/npfctl/npf_disassemble.c	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_disassemble.c,v 1.3.2.11 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npf_disassemble.c,v 1.3.2.12 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  * FIXME: config generation should be redesigned..
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npf_disassemble.c,v 1.3.2.11 2013/02/11 21:49:48 riz Exp $");
+__RCSID("$NetBSD: npf_disassemble.c,v 1.3.2.12 2013/02/18 18:26:14 riz Exp $");
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -611,6 +611,9 @@ npfctl_show_rule(nl_rule_t *nrl, unsigne
 		if (ifname) {
 			printf(", interface %s", ifname);
 		}
+		if (rg.rg_attr & NPF_RULE_DYNAMIC) {
+			printf(", dynamic");
+		}
 		puts(") {");
 		return;
 	}

Index: src/usr.sbin/npf/npfctl/npfctl.8
diff -u src/usr.sbin/npf/npfctl/npfctl.8:1.6.6.5 src/usr.sbin/npf/npfctl/npfctl.8:1.6.6.6
--- src/usr.sbin/npf/npfctl/npfctl.8:1.6.6.5	Mon Feb 11 21:49:47 2013
+++ src/usr.sbin/npf/npfctl/npfctl.8	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-.\"	$NetBSD: npfctl.8,v 1.6.6.5 2013/02/11 21:49:47 riz Exp $
+.\"	$NetBSD: npfctl.8,v 1.6.6.6 2013/02/18 18:26:14 riz Exp $
 .\"
 .\" Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 11, 2013
+.Dd February 16, 2013
 .Dt NPFCTL 8
 .Os
 .Sh NAME
@@ -93,6 +93,7 @@ On success, returns a unique identifier 
 the rule with
 .Ic rem-id
 command.
+The identifier is alphanumeric string.
 .It Ic rule Ar name Ic rem Aq rule-syntax
 Remove a rule from a dynamic ruleset specified by
 .Ar name .
@@ -106,6 +107,12 @@ Remove a rule specified by unique
 .Ar id
 from a dynamic ruleset specified by
 .Ar name .
+.It Ic rule Ar name Ic list
+List all rules in the dynamic ruleset specified by
+.Ar name .
+.It Ic rule Ar name Ic flush
+Remove all rules from the dynamic ruleset specified by
+.Ar name .
 .\" ---
 .It Ic table Ar tid Ic add Aq Ar addr/mask
 In table

Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.14 src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.15
--- src/usr.sbin/npf/npfctl/npfctl.c:1.10.2.14	Mon Feb 11 21:49:48 2013
+++ src/usr.sbin/npf/npfctl/npfctl.c	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.c,v 1.10.2.14 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npfctl.c,v 1.10.2.15 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.10.2.14 2013/02/11 21:49:48 riz Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.10.2.15 2013/02/18 18:26:14 riz Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -124,6 +124,9 @@ usage(void)
 	    "\t%s rule \"rule-name\" rem-id <rule-id>\n",
 	    progname);
 	fprintf(stderr,
+	    "\t%s rule \"rule-name\" { list | flush }\n",
+	    progname);
+	fprintf(stderr,
 	    "\t%s table <tid> { add | rem | test } <address/mask>\n",
 	    progname);
 	fprintf(stderr,
@@ -411,7 +414,7 @@ npfctl_rule(int fd, int argc, char **arg
 	const char *ruleset_name = argv[0];
 	const char *cmd = argv[1];
 	int error, action = 0;
-	uintptr_t rule_id;
+	uint64_t rule_id;
 	nl_rule_t *rl;
 
 	for (int n = 0; ruleops[n].cmd != NULL; n++) {
@@ -441,7 +444,7 @@ npfctl_rule(int fd, int argc, char **arg
 		error = npf_ruleset_remkey(fd, ruleset_name, key, sizeof(key));
 		break;
 	case NPF_CMD_RULE_REMOVE:
-		rule_id = (uintptr_t)strtoull(argv[0], NULL, 16);
+		rule_id = strtoull(argv[0], NULL, 16);
 		error = npf_ruleset_remove(fd, ruleset_name, rule_id);
 		break;
 	case NPF_CMD_RULE_LIST:
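Review bot: `rule_id = strtoull(argv[0], NULL, 16);` accepts any input without validation: a non-hex string parses as 0, trailing garbage is silently dropped, and an out-of-range value saturates. Now that IDs are small counter values rather than addresses, a typo such as `1g` removes rule 1 instead of being rejected, which matters for a command that deletes firewall rules. The conversion should use an end pointer and `errno` and fail on anything but a complete hex number, as sketched below. Whether `argv[0]` is guaranteed to exist at this point is not visible in the hunk, and the body of npfctl_rule() starts and ends outside it.

```c
	case NPF_CMD_RULE_REMOVE: {
		char *ep;

		errno = 0;
		rule_id = strtoull(argv[0], &ep, 16);
		if (ep == argv[0] || *ep != '\0' || errno == ERANGE) {
			errx(EXIT_FAILURE, "invalid rule ID \"%s\"", argv[0]);
		}
		/* … unchanged: npf_ruleset_remove() call and break … */
	}
```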
@@ -458,15 +461,15 @@ npfctl_rule(int fd, int argc, char **arg
 	case 0:
 		/* Success. */
 		break;
+	case ESRCH:
+		errx(EXIT_FAILURE, "ruleset \"%s\" not found", ruleset_name);
 	case ENOENT:
-		errx(EXIT_FAILURE, "ruleset \"%s\" or the specified rule in "
-		    "it not found", ruleset_name);
-		break;
+		errx(EXIT_FAILURE, "rule was not found");
 	default:
 		errx(EXIT_FAILURE, "rule operation: %s", strerror(error));
 	}
 	if (action == NPF_CMD_RULE_ADD) {
-		printf("OK %" PRIXPTR "\n", rule_id);
+		printf("OK %" PRIx64 "\n", rule_id);
 	}
 	exit(EXIT_SUCCESS);
 }

Index: src/usr.sbin/npf/npfctl/npfctl.h
diff -u src/usr.sbin/npf/npfctl/npfctl.h:1.11.2.12 src/usr.sbin/npf/npfctl/npfctl.h:1.11.2.13
--- src/usr.sbin/npf/npfctl/npfctl.h:1.11.2.12	Mon Feb 11 21:49:48 2013
+++ src/usr.sbin/npf/npfctl/npfctl.h	Mon Feb 18 18:26:14 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.h,v 1.11.2.12 2013/02/11 21:49:48 riz Exp $	*/
+/*	$NetBSD: npfctl.h,v 1.11.2.13 2013/02/18 18:26:14 riz Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -196,7 +196,7 @@ unsigned long	npfctl_debug_addif(const c
 void		npfctl_build_rproc(const char *, npfvar_t *);
 void		npfctl_build_group(const char *, int, u_int, bool);
 void		npfctl_build_group_end(void);
-void		npfctl_build_rule(int, u_int, sa_family_t,
+void		npfctl_build_rule(uint32_t, u_int, sa_family_t,
 		    const opt_proto_t *, const filt_opts_t *, const char *);
 void		npfctl_build_natseg(int, int, u_int, const addr_port_t *,
 		    const addr_port_t *, const filt_opts_t *);

Index: src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.1.2.5 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.1.2.6
--- src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.1.2.5	Mon Feb 11 21:49:50 2013
+++ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c	Mon Feb 18 18:26:15 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_rule_test.c,v 1.1.2.5 2013/02/11 21:49:50 riz Exp $	*/
+/*	$NetBSD: npf_rule_test.c,v 1.1.2.6 2013/02/18 18:26:15 riz Exp $	*/
 
 /*
  * NPF ruleset test.
@@ -130,6 +130,7 @@ npf_rule_test(bool verbose)
 	npf_ruleset_t *rlset;
 	npf_rule_t *rl;
 	bool fail = false;
+	uint64_t id;
 	int error;
 
 	for (unsigned i = 0; i < __arraycount(test_cases); i++) {
@@ -171,7 +172,8 @@ npf_rule_test(bool verbose)
 	error = npf_test_first(verbose);
 	fail |= (error != RESULT_BLOCK);
 
-	error = npf_ruleset_remove(rlset, "test-rules", (uintptr_t)rl);
+	id = npf_rule_getid(rl);
+	error = npf_ruleset_remove(rlset, "test-rules", id);
 	fail |= error != 0;
 
 	npf_config_exit();
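Review bot: The test still exercises only the successful removal, so the new error split in npf_ruleset_remove() (ESRCH for an unknown ruleset, ENOENT for an unknown rule) is not pinned by anything here. A second call right after the existing check, `error = npf_ruleset_remove(rlset, "test-rules", id);` with `fail |= error != ENOENT;`, would verify that a stale ID is rejected rather than silently accepted. A call with a ruleset name that does not exist could check `ESRCH` the same way. npf_rule_test() starts and ends outside the hunk.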
