authorkn <kn@cvs.openbsd.org>2019-04-18 21:59:00 +0000
committerkn <kn@cvs.openbsd.org>2019-04-18 21:59:00 +0000
commitdc70d9a718b3682d4c89e86be574c3b5aaac5bb4 (patch)
treeb50842afd481ddff1564a7502edf4c7f2144cc5d /sbin
parent746206abc9b587730fed4c65880e723b9cf021f7 (diff)
Fix table definition parsing as unprivileged user
revision 1.689 introduced warn_duplicate_tables() unconditionally, breaking the parser on tables with insufficient permissions to open pf(4): $ echo 'table <t>' | pfctl -nf- pfctl: pfr_get_tables: Bad file descriptor So simply check whether pfctl is able to get the table list first. If not, instead of silently avoiding namespace collision checks, print a brief notice iff `-v' is given to help finding duplicate definitions by hand: $ echo 'table <t>' | ./obj/pfctl -vnf- table <t> stdin:1: skipping duplicate table checks for <t> Reported by Rivo Nurges, thanks! OK benno sashan
Diffstat (limited to 'sbin')
-rw-r--r--sbin/pfctl/parse.y9
1 files changed, 7 insertions, 2 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 15555e7ce21..a81142e25a8 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.694 2019/03/06 19:49:05 kn Exp $ */
+/* $OpenBSD: parse.y,v 1.695 2019/04/18 21:58:59 kn Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -4110,7 +4110,12 @@ process_tabledef(char *name, struct table_opts *opts, int popts)
if (pf->opts & PF_OPT_VERBOSE)
print_tabledef(name, opts->flags, opts->init_addr,
&opts->init_nodes);
- warn_duplicate_tables(name, pf->anchor->path);
+ if (!(pf->opts & PF_OPT_NOACTION) ||
+ (pf->opts & PF_OPT_DUMMYACTION))
+ warn_duplicate_tables(name, pf->anchor->path);
+ else if (pf->opts & PF_OPT_VERBOSE)
+ fprintf(stderr, "%s:%d: skipping duplicate table checks"
+ " for <%s>\n", file->name, yylval.lineno, name);
if (!(pf->opts & PF_OPT_NOACTION) &&
pfctl_define_table(name, opts->flags, opts->init_addr,
pf->anchor->path, &ab, pf->anchor->ruleset.tticket)) {
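Review bot: The new guard before `warn_duplicate_tables()` in process_tabledef() decides from option bits alone whether the table list can be fetched, and nothing in the hunk records why `PF_OPT_DUMMYACTION` stands for an open pf(4) descriptor. Presumably that flag is set elsewhere only when the device could be opened under `-n`, but that code is not visible here and should be confirmed. A one-line comment above the `if` would make the intent checkable, for example `/* table list needs an open pf(4): always without -n, with -n only if DUMMYACTION is set */`. Because the `else` branch reduces what a `-n` run validates, the comment also lets a later reader tell a deliberate skip from a missed check. The function body starts and ends outside the hunk.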