vcc_acl: Add +fold,noreport modifier to omit fold warnings

With a lot of folding going on, the warnings can easily bury more relevant CLI
output.

Author: nigoroll

bin/varnishtest/tests/c00005.vtc

@@ -375,3 +375,39 @@ client c1 {
 } -run
 
 logexpect l1 -wait
+
+# test +fold,noreport
+varnish v1 -cliexpect "^$" {vcl.inline silent << EOF
+	vcl 4.1;
+
+	backend dummy None;
+
+	acl acl1 +log +pedantic +fold,noreport {
+		"1.2.0.0"/23;
+		"1.2.2.0"/24;
+		"1.2.3.0"/24;
+	}
+
+	sub vcl_recv {
+		if (client.ip ~ acl1) {
+			return (synth(403));
+		}
+	}
+	EOF
+}
+
+varnish v1 -errvcl "Unknown modifier" {
+	backend dummy None;
+
+	acl acl1 +log +pedantic +fold,foo {
+		"1.2.0.0"/23;
+	}
+}
+
+varnish v1 -errvcl "-fold,noreport is invalid" {
+	backend dummy None;
+
+	acl acl1 +log +pedantic -fold,noreport {
+		"1.2.0.0"/23;
+	}
+}

doc/sphinx/reference/vcl.rst

@@ -354,7 +354,7 @@ individually:
 
   Skip and fold operations on VCL entries are output as warnings
   during VCL compilation as entries from the VCL are processed in
-  order.
+  order unless the `noreport` modifier is added (see below).
 
   Logging under the ``VCL_acl`` tag can change with this parameter
   enabled: Matches on skipped subnet entries are now logged as matches
@@ -365,6 +365,13 @@ individually:
 
   Negated ACL entries are never folded.
 
+* `+fold,noreport` - Fold without reporting
+
+  Enable folding, but do not output folding-related warnings during VCL
+  compilation
+
+  The ``noreport`` modifier is only valid with ``+fold``.
+
 VCL objects
 -----------
 

lib/libvcc/vcc_acl.c

@@ -54,6 +54,7 @@ struct acl {
 
 	int			flag_log;
 	int			flag_fold;
+	int			flag_fold_report;
 	int			flag_pedantic;
 	int			flag_table;
 
@@ -263,26 +264,30 @@ vcl_acl_fold(struct vcc *tl, struct acl_e **l, struct acl_e **r)
 	do {
 		switch (cmp) {
 		case ACL_CONTAINED:
-			VSB_cat(tl->sb, "ACL entry:\n");
-			vcc_ErrWhere(tl, (*r)->t_addr);
-			VSB_cat(tl->sb, "supersedes / removes:\n");
-			vcc_ErrWhere(tl, (*l)->t_addr);
-			vcc_Warn(tl);
+			if (tl->acl->flag_fold_report) {
+				VSB_cat(tl->sb, "ACL entry:\n");
+				vcc_ErrWhere(tl, (*r)->t_addr);
+				VSB_cat(tl->sb, "supersedes / removes:\n");
+				vcc_ErrWhere(tl, (*l)->t_addr);
+				vcc_Warn(tl);
+			}
 			VRBT_REMOVE(acl_tree, &tl->acl->acl_tree, *l);
 			FREE_OBJ(*l);
 			*l = VRBT_PREV(acl_tree, &tl->acl->acl_tree, *r);
 			break;
 		case ACL_LEFT:
 			(*l)->mask--;
 			(*l)->fixed = "folded";
-			VSB_cat(tl->sb, "ACL entry:\n");
-			vcc_ErrWhere(tl, (*l)->t_addr);
-			VSB_cat(tl->sb, "left of:\n");
-			vcc_ErrWhere(tl, (*r)->t_addr);
-			VSB_printf(tl->sb, "removing the latter and expanding "
-			    "mask of the former by one to /%u\n",
-			    (*l)->mask - 8);
-			vcc_Warn(tl);
+			if (tl->acl->flag_fold_report) {
+				VSB_cat(tl->sb, "ACL entry:\n");
+				vcc_ErrWhere(tl, (*l)->t_addr);
+				VSB_cat(tl->sb, "left of:\n");
+				vcc_ErrWhere(tl, (*r)->t_addr);
+				VSB_printf(tl->sb, "removing the latter and "
+				    "expanding mask of the former by one to "
+				    "/%u\n", (*l)->mask - 8);
+				vcc_Warn(tl);
+			}
 			VRBT_REMOVE(acl_tree, &tl->acl->acl_tree, *r);
 			FREE_OBJ(*r);
 			VRBT_REMOVE(acl_tree, &tl->acl->acl_tree, *l);
@@ -807,13 +812,30 @@ static void
 vcc_parseAclFold(struct vcc *tl, int sign)
 {
 	struct acl *acl;
+	struct token *t;
 
 	CHECK_OBJ_NOTNULL(tl, VCC_MAGIC);
 	assert(vcc_IdIs(tl->t, "fold"));
 	acl = tl->acl;
 	CHECK_OBJ_NOTNULL(acl, VCC_ACL_MAGIC);
 
+	t = tl->t;
 	acl->flag_fold = sign;
+	acl->flag_fold_report = 1;
+	vcc_NextToken(tl);
+	if (tl->t->tok != ',')
+		return;
+
+	vcc_NextToken(tl);
+	if (! vcc_IdIs(tl->t, "noreport")) {
+		VSB_cat(tl->sb, "Unknown modifier:\n");
+		vcc_ErrWhere(tl, tl->t);
+	} else if (! sign) {
+		VSB_cat(tl->sb, "-fold,noreport is invalid, use -fold:\n");
+		vcc_ErrWhere(tl, t);
+	} else {
+		acl->flag_fold_report = 0;
+	}
 	vcc_NextToken(tl);
 }
 
@@ -828,6 +850,7 @@ vcc_ParseAcl(struct vcc *tl)
 	tl->acl = acl;
 	acl->flag_pedantic = 1;
 	acl->flag_fold = 1;
+	acl->flag_fold_report = 1;
 	vcc_NextToken(tl);
 	VRBT_INIT(&acl->acl_tree);