authorCy Schubert <cy@FreeBSD.org>2022-09-21 15:33:11 +0000
committerCy Schubert <cy@FreeBSD.org>2022-09-22 22:38:11 +0000
commit7531c434a593b2f369d69c85551e7ad1ebb7499a (patch)
tree5fb66eb89bde795408c9cebfb002d1301bce1277
parent7e58c8aa8245192176ac12961272bcb19dfaeb91 (diff)
ipfilter/ippool: Dump a copy of ippool in ippool.conf format
Add an ippool(8) option to dump a copy of the in-memory ippool tables in an ippool(5) format so that it can be reloaded using ippool -f. MFC after: 2 weeks
-rw-r--r--sbin/ipf/ippool/ippool.86
-rw-r--r--sbin/ipf/ippool/ippool.c5
-rw-r--r--sbin/ipf/libipf/printpool_live.c12
-rw-r--r--sbin/ipf/libipf/printpooldata.c10
4 files changed, 27 insertions, 6 deletions
diff --git a/sbin/ipf/ippool/ippool.8 b/sbin/ipf/ippool/ippool.8
index bcc8f3cbd71d..358ece5a26ff 100644
--- a/sbin/ipf/ippool/ippool.8
+++ b/sbin/ipf/ippool/ippool.8
@@ -18,7 +18,7 @@ ippool \- user interface to the IPFilter pools
-F [-dv] [-o <role>] [-t <type>]
.br
.B ippool
--l [-dv] [-m <name>] [-t <type>] [-o <role>] [-M <core>] [-N <namelist>]
+-l [-dDv] [-m <name>] [-t <type>] [-o <role>] [-M <core>] [-N <namelist>]
.br
.B ippool
-r [-dnv] [-m <name>] [-o <role>] [-t <type>] -i <ipaddr>[/<netmask>]
@@ -121,6 +121,10 @@ as a number of seconds.
When parsing a configuration file, rather than load new pool data into the
kernel, unload it.
.TP
+.B -D
+When used in conjuction with -l, dump the ippool configuration to stdout in
+a format that can be subsequently used as input into ippool -f.
+.TP
.SH FILES
.br
/dev/iplookup
diff --git a/sbin/ipf/ippool/ippool.c b/sbin/ipf/ippool/ippool.c
index 3e8918e1fcfa..384146d729c9 100644
--- a/sbin/ipf/ippool/ippool.c
+++ b/sbin/ipf/ippool/ippool.c
@@ -670,12 +670,15 @@ poollist(int argc, char *argv[])
poolname = NULL;
role = IPL_LOGALL;
- while ((c = getopt(argc, argv, "dm:M:N:o:t:v")) != -1)
+ while ((c = getopt(argc, argv, "dDm:M:N:o:t:v")) != -1)
switch (c)
{
case 'd' :
opts |= OPT_DEBUG;
break;
+ case 'D' :
+ opts |= OPT_SAVEOUT;
+ break;
case 'm' :
poolname = optarg;
break;
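Review bot: `-D` can be given together with `-d`, and nothing in this `getopt` loop resolves the combination, so `opts` can carry both `OPT_SAVEOUT` and `OPT_DEBUG`. The printing code in printpool_live.c chooses the save-format braces on `OPT_SAVEOUT` but still gates the per-entry `;` on `(opts & OPT_DEBUG) == 0`, so `-l -dD` would likely produce a dump that `ippool -f` cannot reload. Resolve it once after the loop, for example `if (opts & OPT_SAVEOUT) opts &= ~OPT_DEBUG;`, or reject the pair with a usage error. The body of poollist() continues outside this hunk, so any later handling of the combination is not visible here.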
diff --git a/sbin/ipf/libipf/printpool_live.c b/sbin/ipf/libipf/printpool_live.c
index 324deb629d0b..c1d770b4ef77 100644
--- a/sbin/ipf/libipf/printpool_live.c
+++ b/sbin/ipf/libipf/printpool_live.c
@@ -26,7 +26,9 @@ printpool_live(ip_pool_t *pool, int fd, char *name, int opts,
if ((pool->ipo_flags & IPOOL_DELETE) != 0)
PRINTF("# ");
- if ((opts & OPT_DEBUG) == 0)
+ if (opts & OPT_SAVEOUT)
+ PRINTF("{\n");
+ else if ((opts & OPT_DEBUG) == 0)
PRINTF("\t{");
obj.ipfo_rev = IPFILTER_VERSION;
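Review bot: With `OPT_SAVEOUT` the opening brace is now followed by a newline, so the `# ` printed for an `IPOOL_DELETE` pool comments out only the `{` line, while the entries and the closing `};` land on uncommented lines. The save branch in the first hunk of printpooldata.c prints `pool ` without the delete or anonymous annotations at all, so a pool marked for deletion is dumped as a live header, a commented brace and live entries. Decide explicitly what save mode does with such pools: either skip them, or guard the prefix with `if ((opts & OPT_SAVEOUT) == 0 && (pool->ipo_flags & IPOOL_DELETE) != 0)` and add a comment that delete-marked pools are restored on reload. printpool_live() begins and ends outside this hunk.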
@@ -48,9 +50,13 @@ printpool_live(ip_pool_t *pool, int fd, char *name, int opts,
while (!last && (ioctl(fd, SIOCLOOKUPITER, &obj) == 0)) {
if (entry.ipn_next == NULL)
last = 1;
+ if (opts & OPT_SAVEOUT)
+ PRINTF("\t");
(void) printpoolnode(&entry, opts, fields);
if ((opts & OPT_DEBUG) == 0)
putchar(';');
+ if (opts & OPT_SAVEOUT)
+ PRINTF("\n");
printed++;
}
}
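Review bot: In save mode a failing `SIOCLOOKUPITER` ioctl ends this loop silently, and the code after it still prints the closing `};`, so a partial dump cannot be told apart from a complete one. Because the output is meant to be fed back through `ippool -f`, a truncated file would reload as a smaller pool with no warning, which matters when the pool backs a filter rule. Report the failure when `last` is still 0 after the loop, for example `if (!last && (opts & OPT_SAVEOUT)) perror("SIOCLOOKUPITER");`, and let the caller turn it into a non-zero exit status. The enclosing block and the function's return path are outside this hunk, so the exact placement needs checking against the full function.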
@@ -58,7 +64,9 @@ printpool_live(ip_pool_t *pool, int fd, char *name, int opts,
if (printed == 0)
putchar(';');
- if ((opts & OPT_DEBUG) == 0)
+ if (opts & OPT_SAVEOUT)
+ PRINTF("};\n");
+ else if ((opts & OPT_DEBUG) == 0)
PRINTF(" };\n");
(void) ioctl(fd,SIOCIPFDELTOK, &iter.ili_key);
diff --git a/sbin/ipf/libipf/printpooldata.c b/sbin/ipf/libipf/printpooldata.c
index ce754f9a89bb..bd5af316eb19 100644
--- a/sbin/ipf/libipf/printpooldata.c
+++ b/sbin/ipf/libipf/printpooldata.c
@@ -12,7 +12,9 @@ void
printpooldata(ip_pool_t *pool, int opts)
{
- if ((opts & OPT_DEBUG) == 0) {
+ if (opts & OPT_SAVEOUT) {
+ PRINTF("pool ");
+ } else if ((opts & OPT_DEBUG) == 0) {
if ((pool->ipo_flags & IPOOL_ANON) != 0)
PRINTF("# 'anonymous' tree %s\n", pool->ipo_name);
if ((pool->ipo_flags & IPOOL_DELETE) != 0)
@@ -32,7 +34,11 @@ printpooldata(ip_pool_t *pool, int opts)
printunit(pool->ipo_unit);
- if ((opts & OPT_DEBUG) == 0) {
+ if ((opts & OPT_SAVEOUT)) {
+ PRINTF("/tree (%s \"\%s\";)\n",
+ (!*pool->ipo_name || ISDIGIT(*pool->ipo_name)) ? \
+ "number" : "name", pool->ipo_name);
+ } else if ((opts & OPT_DEBUG) == 0) {
PRINTF(" type=tree %s=%s\n",
(!*pool->ipo_name || ISDIGIT(*pool->ipo_name)) ? \
"number" : "name", pool->ipo_name);
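Review bot: The format string in the new `OPT_SAVEOUT` branch contains `\%s`, and `\%` is not a defined C escape sequence; compilers accept it with a warning, so it only works by accident. Write the line as `PRINTF("/tree (%s \"%s\";)\n",`. Separately, `pool->ipo_name` is placed between double quotes without escaping, so a name containing `"` or a newline would produce a file that `ippool -f` reads differently from the table that was dumped. Whether the kernel restricts the characters in a pool name is not visible here, so either validate the name before printing or state that assumption in a comment. The doubled parentheses in `if ((opts & OPT_SAVEOUT))` and the `\` line continuation inside the call are also unnecessary.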