ipfilter/ippool: Dump a copy of ippool in ippool.conf format

Add an ippool(8) option to dump a copy of the inm-memory ippool tables in an ippool(5) format so that it can be reloaded using ippool -f. MFC after: 2 weeks
2026-06-09 00:32:25 -04:00 · 2022-09-21 08:33:11 -07:00 · 2022-09-21 08:33:11 -07:00 · 7531c434a5
commit 7531c434a5
parent 7e58c8aa82
4 changed files with 27 additions and 6 deletions
--- a/sbin/ipf/ippool/ippool.8
+++ b/sbin/ipf/ippool/ippool.8
@ -18,7 +18,7 @@ ippool \- user interface to the IPFilter pools
 -F [-dv] [-o <role>] [-t <type>]
 .br
 .B ippool
-l [-dv] [-m <name>] [-t <type>] [-o <role>] [-M <core>] [-N <namelist>]
+-l [-dDv] [-m <name>] [-t <type>] [-o <role>] [-M <core>] [-N <namelist>]
 .br
 .B ippool
 -r [-dnv] [-m <name>] [-o <role>] [-t <type>] -i <ipaddr>[/<netmask>]
@ -121,6 +121,10 @@ as a number of seconds.
 When parsing a configuration file, rather than load new pool data into the
 kernel, unload it.
 .TP
+.B -D
+When used in conjuction with -l, dump the ippool configuration to stdout in
+a format that can be subsequently used as input into ippool -f.
+.TP
 .SH FILES
 .br
 /dev/iplookup
--- a/sbin/ipf/ippool/ippool.c
+++ b/sbin/ipf/ippool/ippool.c
@ -670,12 +670,15 @@ poollist(int argc, char *argv[])
 	poolname = NULL;
 	role = IPL_LOGALL;

-	while ((c = getopt(argc, argv, "dm:M:N:o:t:v")) != -1)
+	while ((c = getopt(argc, argv, "dDm:M:N:o:t:v")) != -1)
 		switch (c)
 		{
 		case 'd' :
 			opts |= OPT_DEBUG;
 			break;
+		case 'D' :
+			opts |= OPT_SAVEOUT;
+			break;
 		case 'm' :
 			poolname = optarg;
 			break;
--- a/sbin/ipf/libipf/printpool_live.c
+++ b/sbin/ipf/libipf/printpool_live.c
@ -26,7 +26,9 @@ printpool_live(ip_pool_t *pool, int fd, char *name, int opts,

 	if ((pool->ipo_flags & IPOOL_DELETE) != 0)
 		PRINTF("# ");
-	if ((opts & OPT_DEBUG) == 0)
+	if (opts & OPT_SAVEOUT)
+		PRINTF("{\n");
+	else if ((opts & OPT_DEBUG) == 0)
 		PRINTF("\t{");

 	obj.ipfo_rev = IPFILTER_VERSION;
@ -48,9 +50,13 @@ printpool_live(ip_pool_t *pool, int fd, char *name, int opts,
 		while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) {
 			if (entry.ipn_next == NULL)
 				last = 1;
+			if (opts & OPT_SAVEOUT)
+				PRINTF("\t");
 			(void) printpoolnode(&entry, opts, fields);
 			if ((opts & OPT_DEBUG) == 0)
 				putchar(';');
+			if (opts & OPT_SAVEOUT)
+				PRINTF("\n");
 			printed++;
 		}
 	}
@ -58,7 +64,9 @@ printpool_live(ip_pool_t *pool, int fd, char *name, int opts,
 	if (printed == 0)
 		putchar(';');

-	if ((opts & OPT_DEBUG) == 0)
+	if (opts & OPT_SAVEOUT)
+		PRINTF("};\n");
+	else if ((opts & OPT_DEBUG) == 0)
 		PRINTF(" };\n");

 	(void) ioctl(fd,SIOCIPFDELTOK, &iter.ili_key);
--- a/sbin/ipf/libipf/printpooldata.c
+++ b/sbin/ipf/libipf/printpooldata.c
@ -12,7 +12,9 @@ void
 printpooldata(ip_pool_t *pool, int opts)
 {

-	if ((opts & OPT_DEBUG) == 0) {
+	if (opts & OPT_SAVEOUT) {
+		PRINTF("pool ");
+	} else if ((opts & OPT_DEBUG) == 0) {
 		if ((pool->ipo_flags & IPOOL_ANON) != 0)
 			PRINTF("# 'anonymous' tree %s\n", pool->ipo_name);
 		if ((pool->ipo_flags & IPOOL_DELETE) != 0)
@ -32,7 +34,11 @@ printpooldata(ip_pool_t *pool, int opts)

 	printunit(pool->ipo_unit);

-	if ((opts & OPT_DEBUG) == 0) {
+	if ((opts & OPT_SAVEOUT)) {
+		PRINTF("/tree (%s \"\%s\";)\n",
+			(!*pool->ipo_name || ISDIGIT(*pool->ipo_name)) ? \
+			"number" : "name", pool->ipo_name);
+	} else if ((opts & OPT_DEBUG) == 0) {
 		PRINTF(" type=tree %s=%s\n",
 			(!*pool->ipo_name || ISDIGIT(*pool->ipo_name)) ? \
 			"number" : "name", pool->ipo_name);