npfctl

Christos Zoulas Fri, 26 Dec 2014 14:45:44 -0800

Module Name:    src
Committed By:   christos
Date:           Fri Dec 26 22:44:54 UTC 2014


Modified Files:
        src/usr.sbin/npf/npfctl: npf.conf.5 npf_parse.y npf_scan.l npfctl.c
            npfctl.h

Log Message:
allow turning off the bpf jit loading.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/usr.sbin/npf/npfctl/npf.conf.5
cvs rdiff -u -r1.35 -r1.36 src/usr.sbin/npf/npfctl/npf_parse.y
cvs rdiff -u -r1.21 -r1.22 src/usr.sbin/npf/npfctl/npf_scan.l
cvs rdiff -u -r1.44 -r1.45 src/usr.sbin/npf/npfctl/npfctl.c
cvs rdiff -u -r1.38 -r1.39 src/usr.sbin/npf/npfctl/npfctl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/npf/npfctl/npf.conf.5
diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.42 src/usr.sbin/npf/npfctl/npf.conf.5:1.43
--- src/usr.sbin/npf/npfctl/npf.conf.5:1.42	Sat Aug  2 20:02:56 2014
+++ src/usr.sbin/npf/npfctl/npf.conf.5	Fri Dec 26 17:44:54 2014
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.42 2014/08/03 00:02:56 rmind Exp $
+.\"    $NetBSD: npf.conf.5,v 1.43 2014/12/26 22:44:54 christos Exp $
 .\"
 .\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 2, 2014
+.Dd December 26, 2014
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -240,6 +240,9 @@ var-name	= "$" . string
 interface	= interface-name | var-name
 var-def		= var "=" ( var-value | "{" value *[ "," value ] "}" )
 
+; Parameter setting
+set-statement	= "set" parameter value
+
 ; Table definition.  Table ID shall be numeric.  Path is in the double quotes.
 
 table-id	= \*[Lt]table-name\*[Gt]

Index: src/usr.sbin/npf/npfctl/npf_parse.y
diff -u src/usr.sbin/npf/npfctl/npf_parse.y:1.35 src/usr.sbin/npf/npfctl/npf_parse.y:1.36
--- src/usr.sbin/npf/npfctl/npf_parse.y:1.35	Sat Mar 15 11:22:37 2014
+++ src/usr.sbin/npf/npfctl/npf_parse.y	Fri Dec 26 17:44:54 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_parse.y,v 1.35 2014/03/15 15:22:37 riastradh Exp $	*/
+/*	$NetBSD: npf_parse.y,v 1.36 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@@ -92,6 +92,7 @@ yyerror(const char *fmt, ...)
 %token			ARROWLEFT
 %token			ARROWRIGHT
 %token			BLOCK
+%token			BPFJIT
 %token			CDB
 %token			CURLY_CLOSE
 %token			CURLY_OPEN
@@ -118,6 +119,7 @@ yyerror(const char *fmt, ...)
 %token			NAME
 %token			NPT66
 %token			ON
+%token			OFF
 %token			OUT
 %token			PAR_CLOSE
 %token			PAR_OPEN
@@ -134,6 +136,7 @@ yyerror(const char *fmt, ...)
 %token			RETURNRST
 %token			RULESET
 %token			SEPLINE
+%token			SET
 %token			SLASH
 %token			STATEFUL
 %token			STATEFUL_ENDS
@@ -169,9 +172,11 @@ yyerror(const char *fmt, ...)
 %type	<filtopts>	filt_opts, all_or_filt_opts
 %type	<optproto>	opt_proto
 %type	<rulegroup>	group_opts
+%type	<tf>		onoff
 
 %union {
 	char *		str;
+	bool		tf;
 	unsigned long	num;
 	double		fpnum;
 	npfvar_t *	var;
@@ -200,6 +205,7 @@ line
 	| group
 	| rproc
 	| alg
+	| set
 	|
 	;
 
@@ -210,6 +216,21 @@ alg
 	}
 	;
 
+onoff
+	: ON {
+		$$ = true;
+	}
+	| OFF {
+		$$ = false;
+	}
+	;
+
+set
+	: SET BPFJIT onoff {
+		npfctl_bpfjit($3);
+	}
+	;
+
 /*
  * A value - an element or a list of elements.
  * Can be assigned to a variable or used inline.

Index: src/usr.sbin/npf/npfctl/npf_scan.l
diff -u src/usr.sbin/npf/npfctl/npf_scan.l:1.21 src/usr.sbin/npf/npfctl/npf_scan.l:1.22
--- src/usr.sbin/npf/npfctl/npf_scan.l:1.21	Sat May 31 18:37:05 2014
+++ src/usr.sbin/npf/npfctl/npf_scan.l	Fri Dec 26 17:44:54 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_scan.l,v 1.21 2014/05/31 22:37:05 rmind Exp $	*/
+/*	$NetBSD: npf_scan.l,v 1.22 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -97,6 +97,7 @@ static			return TSTATIC;
 dynamic			return TDYNAMIC;
 file			return TFILE;
 map			return MAP;
+set			return SET;
 "<->"			return ARROWBOTH;
 "<-"			return ARROWLEFT;
 "->"			return ARROWRIGHT;
@@ -124,6 +125,8 @@ apply			return APPLY;
 final			return FINAL;
 quick			return FINAL;
 on			return ON;
+off			return OFF;
+bpf.jit			return BPFJIT;
 inet6			return INET6;
 inet4			return INET4;
 proto			return PROTO;

Index: src/usr.sbin/npf/npfctl/npfctl.c
diff -u src/usr.sbin/npf/npfctl/npfctl.c:1.44 src/usr.sbin/npf/npfctl/npfctl.c:1.45
--- src/usr.sbin/npf/npfctl/npfctl.c:1.44	Fri Dec 26 15:44:38 2014
+++ src/usr.sbin/npf/npfctl/npfctl.c	Fri Dec 26 17:44:54 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.c,v 1.44 2014/12/26 20:44:38 rmind Exp $	*/
+/*	$NetBSD: npfctl.c,v 1.45 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.44 2014/12/26 20:44:38 rmind Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.45 2014/12/26 22:44:54 christos Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -481,6 +481,14 @@ npfctl_rule(int fd, int argc, char **arg
 	exit(EXIT_SUCCESS);
 }
 
+static bool bpfjit = true;
+
+void
+npfctl_bpfjit(bool onoff)
+{
+	bpfjit = onoff;
+}
+
 static void
 npfctl_preload_bpfjit(void)
 {
@@ -491,9 +499,17 @@ npfctl_preload_bpfjit(void)
 		.ml_propslen = 0
 	};
 
+	if (!bpfjit)
+		return;
+
 	if (modctl(MODCTL_LOAD, &args) != 0 && errno != EEXIST) {
-		fprintf(stderr, "WARNING: bpfjit is not loaded; "
-		    "this may have severe impact on performance.");
+		static const char *p = "; performance will be degraded";
+		if (errno == ENOENT)
+			warnx("the bpfjit module seems to be missing%s", p);
+		else
+			warn("error loading the bpfjit module%s", p);
+		warnx("To disable this warning `set bpf.jit off' in "
+		    "/etc/npf.conf");
 	}
 }
 

Index: src/usr.sbin/npf/npfctl/npfctl.h
diff -u src/usr.sbin/npf/npfctl/npfctl.h:1.38 src/usr.sbin/npf/npfctl/npfctl.h:1.39
--- src/usr.sbin/npf/npfctl/npfctl.h:1.38	Tue Jul 22 21:25:34 2014
+++ src/usr.sbin/npf/npfctl/npfctl.h	Fri Dec 26 17:44:54 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.h,v 1.38 2014/07/23 01:25:34 rmind Exp $	*/
+/*	$NetBSD: npfctl.h,v 1.39 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -106,6 +106,7 @@ enum { NPFCTL_PARSE_FILE, NPFCTL_PARSE_S
 
 bool		join(char *, size_t, int, char **, const char *);
 void		yyerror(const char *, ...) __printflike(1, 2) __dead;
+void		npfctl_bpfjit(bool);
 void		npfctl_parse_file(const char *);
 void		npfctl_parse_string(const char *);

CVS commit: src/usr.sbin/npf/npfctl

Reply via email to