allow turning off the bpf jit loading. trunk
authorchristos <christos@NetBSD.org>
Fri, 26 Dec 2014 22:44:54 +0000
branchtrunk
changeset 232362 4cfc157334f8
parent 232361 46b12114072e
child 232363 98c1aa5e81cd
allow turning off the bpf jit loading.
usr.sbin/npf/npfctl/npf.conf.5
usr.sbin/npf/npfctl/npf_parse.y
usr.sbin/npf/npfctl/npf_scan.l
usr.sbin/npf/npfctl/npfctl.c
usr.sbin/npf/npfctl/npfctl.h
--- a/usr.sbin/npf/npfctl/npf.conf.5	Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5	Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.42 2014/08/03 00:02:56 rmind Exp $
+.\"    $NetBSD: npf.conf.5,v 1.43 2014/12/26 22:44:54 christos Exp $
 .\"
 .\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 2, 2014
+.Dd December 26, 2014
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -240,6 +240,9 @@
 interface	= interface-name | var-name
 var-def		= var "=" ( var-value | "{" value *[ "," value ] "}" )
 
+; Parameter setting
+set-statement	= "set" parameter value
+
 ; Table definition.  Table ID shall be numeric.  Path is in the double quotes.
 
 table-id	= \*[Lt]table-name\*[Gt]
--- a/usr.sbin/npf/npfctl/npf_parse.y	Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y	Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_parse.y,v 1.35 2014/03/15 15:22:37 riastradh Exp $	*/
+/*	$NetBSD: npf_parse.y,v 1.36 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@@ -92,6 +92,7 @@
 %token			ARROWLEFT
 %token			ARROWRIGHT
 %token			BLOCK
+%token			BPFJIT
 %token			CDB
 %token			CURLY_CLOSE
 %token			CURLY_OPEN
@@ -118,6 +119,7 @@
 %token			NAME
 %token			NPT66
 %token			ON
+%token			OFF
 %token			OUT
 %token			PAR_CLOSE
 %token			PAR_OPEN
@@ -134,6 +136,7 @@
 %token			RETURNRST
 %token			RULESET
 %token			SEPLINE
+%token			SET
 %token			SLASH
 %token			STATEFUL
 %token			STATEFUL_ENDS
@@ -169,9 +172,11 @@
 %type	<filtopts>	filt_opts, all_or_filt_opts
 %type	<optproto>	opt_proto
 %type	<rulegroup>	group_opts
+%type	<tf>		onoff
 
 %union {
 	char *		str;
+	bool		tf;
 	unsigned long	num;
 	double		fpnum;
 	npfvar_t *	var;
@@ -200,6 +205,7 @@
 	| group
 	| rproc
 	| alg
+	| set
 	|
 	;
 
@@ -210,6 +216,21 @@
 	}
 	;
 
+onoff
+	: ON {
+		$$ = true;
+	}
+	| OFF {
+		$$ = false;
+	}
+	;
+
+set
+	: SET BPFJIT onoff {
+		npfctl_bpfjit($3);
+	}
+	;
+
 /*
  * A value - an element or a list of elements.
  * Can be assigned to a variable or used inline.
--- a/usr.sbin/npf/npfctl/npf_scan.l	Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_scan.l	Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_scan.l,v 1.21 2014/05/31 22:37:05 rmind Exp $	*/
+/*	$NetBSD: npf_scan.l,v 1.22 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -97,6 +97,7 @@
 dynamic			return TDYNAMIC;
 file			return TFILE;
 map			return MAP;
+set			return SET;
 "<->"			return ARROWBOTH;
 "<-"			return ARROWLEFT;
 "->"			return ARROWRIGHT;
@@ -124,6 +125,8 @@
 final			return FINAL;
 quick			return FINAL;
 on			return ON;
+off			return OFF;
+bpf.jit			return BPFJIT;
 inet6			return INET6;
 inet4			return INET4;
 proto			return PROTO;
--- a/usr.sbin/npf/npfctl/npfctl.c	Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.c	Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.c,v 1.44 2014/12/26 20:44:38 rmind Exp $	*/
+/*	$NetBSD: npfctl.c,v 1.45 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.44 2014/12/26 20:44:38 rmind Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.45 2014/12/26 22:44:54 christos Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -481,6 +481,14 @@
 	exit(EXIT_SUCCESS);
 }
 
+static bool bpfjit = true;
+
+void
+npfctl_bpfjit(bool onoff)
+{
+	bpfjit = onoff;
+}
+
 static void
 npfctl_preload_bpfjit(void)
 {
@@ -491,9 +499,17 @@
 		.ml_propslen = 0
 	};
 
+	if (!bpfjit)
+		return;
+
 	if (modctl(MODCTL_LOAD, &args) != 0 && errno != EEXIST) {
-		fprintf(stderr, "WARNING: bpfjit is not loaded; "
-		    "this may have severe impact on performance.");
+		static const char *p = "; performance will be degraded";
+		if (errno == ENOENT)
+			warnx("the bpfjit module seems to be missing%s", p);
+		else
+			warn("error loading the bpfjit module%s", p);
+		warnx("To disable this warning `set bpf.jit off' in "
+		    "/etc/npf.conf");
 	}
 }
 
--- a/usr.sbin/npf/npfctl/npfctl.h	Fri Dec 26 21:45:17 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.h	Fri Dec 26 22:44:54 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.h,v 1.38 2014/07/23 01:25:34 rmind Exp $	*/
+/*	$NetBSD: npfctl.h,v 1.39 2014/12/26 22:44:54 christos Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -106,6 +106,7 @@
 
 bool		join(char *, size_t, int, char **, const char *);
 void		yyerror(const char *, ...) __printflike(1, 2) __dead;
+void		npfctl_bpfjit(bool);
 void		npfctl_parse_file(const char *);
 void		npfctl_parse_string(const char *);