Pull up following revision(s) (requested by rmind in ticket #359): netbsd-7
authormartin <martin@NetBSD.org>
Mon, 29 Dec 2014 17:31:47 +0000
branchnetbsd-7
changeset 253728 acdefdd4c804
parent 253727 536539f048dc
child 253729 db03dcb9a583
Pull up following revision(s) (requested by rmind in ticket #359): usr.sbin/npf/npfctl/npf_scan.l: revision 1.22 usr.sbin/npf/npfctl/npf.conf.5: revision 1.43 usr.sbin/npf/npfctl/npfctl.c: revision 1.44 usr.sbin/npf/npfctl/npf_parse.y: revision 1.36 usr.sbin/npf/npfctl/npfctl.c: revision 1.45 usr.sbin/npf/npfctl/npfctl.h: revision 1.39 npfctl(8): attempt to preload bpfjit kernel module and print the warning on failure. allow turning off the bpf jit loading.
usr.sbin/npf/npfctl/npf.conf.5
usr.sbin/npf/npfctl/npf_parse.y
usr.sbin/npf/npfctl/npf_scan.l
usr.sbin/npf/npfctl/npfctl.c
usr.sbin/npf/npfctl/npfctl.h
--- a/usr.sbin/npf/npfctl/npf.conf.5	Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5	Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.42 2014/08/03 00:02:56 rmind Exp $
+.\"    $NetBSD: npf.conf.5,v 1.42.2.1 2014/12/29 17:31:47 martin Exp $
 .\"
 .\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 2, 2014
+.Dd December 26, 2014
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -240,6 +240,9 @@
 interface	= interface-name | var-name
 var-def		= var "=" ( var-value | "{" value *[ "," value ] "}" )
 
+; Parameter setting
+set-statement	= "set" parameter value
+
 ; Table definition.  Table ID shall be numeric.  Path is in the double quotes.
 
 table-id	= \*[Lt]table-name\*[Gt]
--- a/usr.sbin/npf/npfctl/npf_parse.y	Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_parse.y	Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_parse.y,v 1.35 2014/03/15 15:22:37 riastradh Exp $	*/
+/*	$NetBSD: npf_parse.y,v 1.35.4.1 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2011-2014 The NetBSD Foundation, Inc.
@@ -92,6 +92,7 @@
 %token			ARROWLEFT
 %token			ARROWRIGHT
 %token			BLOCK
+%token			BPFJIT
 %token			CDB
 %token			CURLY_CLOSE
 %token			CURLY_OPEN
@@ -118,6 +119,7 @@
 %token			NAME
 %token			NPT66
 %token			ON
+%token			OFF
 %token			OUT
 %token			PAR_CLOSE
 %token			PAR_OPEN
@@ -134,6 +136,7 @@
 %token			RETURNRST
 %token			RULESET
 %token			SEPLINE
+%token			SET
 %token			SLASH
 %token			STATEFUL
 %token			STATEFUL_ENDS
@@ -169,9 +172,11 @@
 %type	<filtopts>	filt_opts, all_or_filt_opts
 %type	<optproto>	opt_proto
 %type	<rulegroup>	group_opts
+%type	<tf>		onoff
 
 %union {
 	char *		str;
+	bool		tf;
 	unsigned long	num;
 	double		fpnum;
 	npfvar_t *	var;
@@ -200,6 +205,7 @@
 	| group
 	| rproc
 	| alg
+	| set
 	|
 	;
 
@@ -210,6 +216,21 @@
 	}
 	;
 
+onoff
+	: ON {
+		$$ = true;
+	}
+	| OFF {
+		$$ = false;
+	}
+	;
+
+set
+	: SET BPFJIT onoff {
+		npfctl_bpfjit($3);
+	}
+	;
+
 /*
  * A value - an element or a list of elements.
  * Can be assigned to a variable or used inline.
--- a/usr.sbin/npf/npfctl/npf_scan.l	Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npf_scan.l	Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_scan.l,v 1.21 2014/05/31 22:37:05 rmind Exp $	*/
+/*	$NetBSD: npf_scan.l,v 1.21.2.1 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2011-2012 The NetBSD Foundation, Inc.
@@ -97,6 +97,7 @@
 dynamic			return TDYNAMIC;
 file			return TFILE;
 map			return MAP;
+set			return SET;
 "<->"			return ARROWBOTH;
 "<-"			return ARROWLEFT;
 "->"			return ARROWRIGHT;
@@ -124,6 +125,8 @@
 final			return FINAL;
 quick			return FINAL;
 on			return ON;
+off			return OFF;
+bpf.jit			return BPFJIT;
 inet6			return INET6;
 inet4			return INET4;
 proto			return PROTO;
--- a/usr.sbin/npf/npfctl/npfctl.c	Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.c	Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.c,v 1.42.2.1 2014/08/29 11:14:14 martin Exp $	*/
+/*	$NetBSD: npfctl.c,v 1.42.2.2 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -30,11 +30,12 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.42.2.1 2014/08/29 11:14:14 martin Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.42.2.2 2014/12/29 17:31:47 martin Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#include <sys/module.h>
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -480,6 +481,38 @@
 	exit(EXIT_SUCCESS);
 }
 
+static bool bpfjit = true;
+
+void
+npfctl_bpfjit(bool onoff)
+{
+	bpfjit = onoff;
+}
+
+static void
+npfctl_preload_bpfjit(void)
+{
+	modctl_load_t args = {
+		.ml_filename = "bpfjit",
+		.ml_flags = MODCTL_NO_PROP,
+		.ml_props = NULL,
+		.ml_propslen = 0
+	};
+
+	if (!bpfjit)
+		return;
+
+	if (modctl(MODCTL_LOAD, &args) != 0 && errno != EEXIST) {
+		static const char *p = "; performance will be degraded";
+		if (errno == ENOENT)
+			warnx("the bpfjit module seems to be missing%s", p);
+		else
+			warn("error loading the bpfjit module%s", p);
+		warnx("To disable this warning `set bpf.jit off' in "
+		    "/etc/npf.conf");
+	}
+}
+
 static int
 npfctl_save(int fd)
 {
@@ -547,6 +580,7 @@
 		fun = "ioctl(IOC_NPF_SWITCH)";
 		break;
 	case NPFCTL_RELOAD:
+		npfctl_preload_bpfjit();
 		npfctl_config_init(false);
 		npfctl_parse_file(argc < 3 ? NPF_CONF_PATH : argv[2]);
 		errno = ret = npfctl_config_send(fd, NULL);
@@ -581,6 +615,7 @@
 		npfctl_rule(fd, argc, argv);
 		break;
 	case NPFCTL_LOAD:
+		npfctl_preload_bpfjit();
 		ret = npfctl_load(fd);
 		fun = "npfctl_config_load";
 		break;
--- a/usr.sbin/npf/npfctl/npfctl.h	Mon Dec 29 17:27:28 2014 +0000
+++ b/usr.sbin/npf/npfctl/npfctl.h	Mon Dec 29 17:31:47 2014 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.h,v 1.38 2014/07/23 01:25:34 rmind Exp $	*/
+/*	$NetBSD: npfctl.h,v 1.38.2.1 2014/12/29 17:31:47 martin Exp $	*/
 
 /*-
  * Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -106,6 +106,7 @@
 
 bool		join(char *, size_t, int, char **, const char *);
 void		yyerror(const char *, ...) __printflike(1, 2) __dead;
+void		npfctl_bpfjit(bool);
 void		npfctl_parse_file(const char *);
 void		npfctl_parse_string(const char *);