On Tue, Dec 25, 2018 at 10:19:35AM -0700, Theo de Raadt wrote:
> I have always disliked the reliance on include, because errors detected
> during parse are poorly handled. Garbage format in the file will adjust
> the global scope and the parser is clueless to cope well.

Can you elaborate on this?

	$ cat a.in
	pass
	# invalid inside anchors
	set optimization aggressive
	# error
	garbage

With `include', errors in included files are detected after the line is
finished and *all* errors are reported with their correct line numbers:

	$ cat include.conf
	anchor a {
		include a.in
	}
	block
	$ pfctl -vnf include.conf
	a.in:3: syntax error
	a.in:5: syntax error
	include.conf:3: syntax error

While with `load anchor' it parses everything, prints the offending line
with an off-by-one but stops after the first error, which means I need
to reparse again to find the other:

	$ cat load.conf
	anchor a
	load anchor a from a.in
	block
	$ pfctl -vnf load.conf
	anchor "a" all
	block drop all

	Loading anchor a from a.in
	set optimization aggressive
	a.in:4: syntax error
	pfctl: load anchors

Personally, I prefer the terse format of the former. We can still
improve error messages to distinguish between invalid syntax like
setting global options inside anchors and actual syntax errors, etc.

> An implicit load directive of a specifically formatted file can be made
> far more robust.

How is the file specifically formatted? Or would you prefer more
specific formats for different types of load/include directives?