vcc_acl: Add +silent acl option to omit +fold warnings

With a lot of folding going on, the warnings can easily bury more relevant CLI
output.

Author: nigoroll

bin/varnishtest/tests/c00005.vtc

@@ -375,3 +375,24 @@ client c1 {
 } -run
 
 logexpect l1 -wait
+
+# test +silent
+varnish v1 -cliexpect "^$" {vcl.inline silent << EOF
+	vcl 4.1;
+
+	backend dummy None;
+
+	acl acl1 +log +pedantic +fold +silent {
+		# all contained in 1.3.0.0/21 and 1.4.4.0/22
+		"1.2.0.0"/23;
+		"1.2.2.0"/24;
+		"1.2.3.0"/24;
+	}
+
+	sub vcl_recv {
+		if (client.ip ~ acl1) {
+			return (synth(403));
+		}
+	}
+	EOF
+}

doc/sphinx/reference/vcl.rst

@@ -354,7 +354,7 @@ individually:
 
   Skip and fold operations on VCL entries are output as warnings
   during VCL compilation as entries from the VCL are processed in
-  order.
+  order unless the `+silent` flag is also given.
 
   Logging under the ``VCL_acl`` tag can change with this parameter
   enabled: Matches on skipped subnet entries are now logged as matches
@@ -365,6 +365,8 @@ individually:
 
   Negated ACL entries are never folded.
 
+* `+silent` - Do not emit warnings about folding
+
 VCL objects
 -----------
 

lib/libvcc/vcc_acl.c

@@ -54,6 +54,7 @@ struct acl {
 
 	int			flag_log;
 	int			flag_fold;
+	int			flag_silent;
 	int			flag_pedantic;
 	int			flag_table;
 
@@ -263,26 +264,30 @@ vcl_acl_fold(struct vcc *tl, struct acl_e **l, struct acl_e **r)
 	do {
 		switch (cmp) {
 		case ACL_CONTAINED:
-			VSB_cat(tl->sb, "ACL entry:\n");
-			vcc_ErrWhere(tl, (*r)->t_addr);
-			VSB_cat(tl->sb, "supersedes / removes:\n");
-			vcc_ErrWhere(tl, (*l)->t_addr);
-			vcc_Warn(tl);
+			if (tl->acl->flag_silent == 0) {
+				VSB_cat(tl->sb, "ACL entry:\n");
+				vcc_ErrWhere(tl, (*r)->t_addr);
+				VSB_cat(tl->sb, "supersedes / removes:\n");
+				vcc_ErrWhere(tl, (*l)->t_addr);
+				vcc_Warn(tl);
+			}
 			VRBT_REMOVE(acl_tree, &tl->acl->acl_tree, *l);
 			FREE_OBJ(*l);
 			*l = VRBT_PREV(acl_tree, &tl->acl->acl_tree, *r);
 			break;
 		case ACL_LEFT:
 			(*l)->mask--;
 			(*l)->fixed = "folded";
-			VSB_cat(tl->sb, "ACL entry:\n");
-			vcc_ErrWhere(tl, (*l)->t_addr);
-			VSB_cat(tl->sb, "left of:\n");
-			vcc_ErrWhere(tl, (*r)->t_addr);
-			VSB_printf(tl->sb, "removing the latter and expanding "
-			    "mask of the former by one to /%u\n",
-			    (*l)->mask - 8);
-			vcc_Warn(tl);
+			if (tl->acl->flag_silent == 0) {
+				VSB_cat(tl->sb, "ACL entry:\n");
+				vcc_ErrWhere(tl, (*l)->t_addr);
+				VSB_cat(tl->sb, "left of:\n");
+				vcc_ErrWhere(tl, (*r)->t_addr);
+				VSB_printf(tl->sb, "removing the latter and "
+				    "expanding mask of the former by one to "
+				    "/%u\n", (*l)->mask - 8);
+				vcc_Warn(tl);
+			}
 			VRBT_REMOVE(acl_tree, &tl->acl->acl_tree, *r);
 			FREE_OBJ(*r);
 			VRBT_REMOVE(acl_tree, &tl->acl->acl_tree, *l);
@@ -838,6 +843,9 @@ vcc_ParseAcl(struct vcc *tl)
 		} else if (vcc_IdIs(tl->t, "fold")) {
 			acl->flag_fold = sign;
 			vcc_NextToken(tl);
+		} else if (vcc_IdIs(tl->t, "silent")) {
+			acl->flag_silent = sign;
+			vcc_NextToken(tl);
 		} else if (vcc_IdIs(tl->t, "pedantic")) {
 			acl->flag_pedantic = sign;
 			vcc_NextToken(tl);