upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

ipfw(8): Fix most warnings with the default WARNS level.

Browse source 
- Add missing const and static qualifiers.
- Avoid shadowing the global "co" by renaming it to "g_co".
- Avoid mixing signedness in loop bound checks.
- Leave -Wcast-align warnings disabled for now.

Reviewed by:	ae, melifaro
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D25456
This commit is contained in:
Mark Johnston 2020-07-13 17:51:04 +00:00
parent 329d975c0c
commit 56707bee4b
13 changed files with 309 additions and 283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sbin/ipfw/Makefile
View file

@ -6,7 +6,6 @@ PACKAGE=ipfw
PROG= ipfw
SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c tables.c
SRCS+= nat64clat.c nat64lsn.c nat64stl.c nptv6.c
WARNS?= 2
.if ${MK_PF} != "no"
SRCS+= altq.c
@ -17,3 +16,5 @@ LIBADD= jail util
MAN= ipfw.8
.include <bsd.prog.mk>
CWARNFLAGS+= -Wno-cast-align

2
sbin/ipfw/altq.c
View file

@ -140,7 +140,7 @@ altq_qid_to_name(u_int32_t qid)
}
void
print_altq_cmd(struct buf_pr *bp, ipfw_insn_altq *altqptr)
print_altq_cmd(struct buf_pr *bp, const ipfw_insn_altq *altqptr)
{
if (altqptr) {
const char *qname;

16
sbin/ipfw/dummynet.c
View file

@ -166,8 +166,8 @@ enum {
#define PIE_SCALE (1L<<PIE_FIX_POINT_BITS)
/* integer to time */
void
us_to_time(int t,char *strt)
static void
us_to_time(int t, char *strt)
{
if (t < 0)
strt[0]='\0';
@ -221,7 +221,7 @@ time_to_us(const char *s)
/* Get AQM or scheduler extra parameters */
void
static void
get_extra_parms(uint32_t nr, char *out, int subtype)
{
struct dn_extra_parms *ep;
@ -586,7 +586,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
break;
}
case DN_CMD_GET:
if (co.verbose)
if (g_co.verbose)
printf("answer for cmd %d, len %d\n", oid->type, oid->id);
break;
case DN_SCH: {
@ -636,7 +636,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
sprintf(bwbuf, "%7.3f bit/s ", b);
if (humanize_number(burst, sizeof(burst), p->burst,
"", HN_AUTOSCALE, 0) < 0 || co.verbose)
"", HN_AUTOSCALE, 0) < 0 || g_co.verbose)
sprintf(burst, "%d", (int)p->burst);
sprintf(buf, "%05d: %s %4d ms burst %s",
p->link_nr % DN_MAX_ID, bwbuf, p->delay, burst);
@ -1317,7 +1317,7 @@ ipfw_config_pipe(int ac, char **av)
o_next(&buf, sizeof(struct dn_id), DN_CMD_CONFIG);
base->id = DN_API_VERSION;
switch (co.do_pipe) {
switch (g_co.do_pipe) {
case 1: /* "pipe N config ..." */
/* Allocate space for the WF2Q+ scheduler, its link
* and the FIFO flowset. Set the number, but leave
@ -1893,7 +1893,7 @@ parse_range(int ac, char *av[], uint32_t *v, int len)
}
n++;
/* translate if 'pipe list' */
if (co.do_pipe == 1) {
if (g_co.do_pipe == 1) {
v[0] += DN_MAX_ID;
v[1] += DN_MAX_ID;
}
@ -1947,7 +1947,7 @@ dummynet_list(int ac, char *av[], int show_counters)
if (max_size < sizeof(struct dn_flow))
max_size = sizeof(struct dn_flow);
switch (co.do_pipe) {
switch (g_co.do_pipe) {
case 1:
oid->subtype = DN_LINK; /* list pipe */
break;

218
sbin/ipfw/ipfw2.c
View file

@ -57,7 +57,7 @@
#include <netinet/tcp.h>
#include <arpa/inet.h>
struct cmdline_opts co; /* global options */
struct cmdline_opts g_co; /* global options */
struct format_opts {
int bcwidth;
@ -74,7 +74,7 @@ struct format_opts {
int resvd_set_number = RESVD_SET;
int ipfw_socket = -1;
static int ipfw_socket = -1;
#define CHECK_LENGTH(v, len) do { \
if ((v) < (len)) \
@ -395,8 +395,8 @@ static int ipfw_show_config(struct cmdline_opts *co, struct format_opts *fo,
static void ipfw_list_tifaces(void);
struct tidx;
static uint16_t pack_object(struct tidx *tstate, char *name, int otype);
static uint16_t pack_table(struct tidx *tstate, char *name);
static uint16_t pack_object(struct tidx *tstate, const char *name, int otype);
static uint16_t pack_table(struct tidx *tstate, const char *name);
static char *table_search_ctlv(ipfw_obj_ctlv *ctlv, uint16_t idx);
static void object_sort_ctlv(ipfw_obj_ctlv *ctlv);
@ -456,7 +456,7 @@ bp_flush(struct buf_pr *b)
* Returns number of bytes that should have been printed.
*/
int
bprintf(struct buf_pr *b, char *format, ...)
bprintf(struct buf_pr *b, const char *format, ...)
{
va_list args;
int i;
@ -466,7 +466,7 @@ bprintf(struct buf_pr *b, char *format, ...)
i = vsnprintf(b->ptr, b->avail, format, args);
va_end(args);
if (i > b->avail || i < 0) {
if (i < 0 || (size_t)i > b->avail) {
/* Overflow or print error */
b->avail = 0;
} else {
@ -569,7 +569,7 @@ do_cmd(int optname, void *optval, uintptr_t optlen)
{
int i;
if (co.test_only)
if (g_co.test_only)
return 0;
if (ipfw_socket == -1)
@ -606,7 +606,7 @@ int
do_set3(int optname, ip_fw3_opheader *op3, size_t optlen)
{
if (co.test_only)
if (g_co.test_only)
return (0);
if (ipfw_socket == -1)
@ -635,7 +635,7 @@ do_get3(int optname, ip_fw3_opheader *op3, size_t *optlen)
int error;
socklen_t len;
if (co.test_only)
if (g_co.test_only)
return (0);
if (ipfw_socket == -1)
@ -725,7 +725,8 @@ match_value(struct _s_x *p, int value)
}
size_t
concat_tokens(char *buf, size_t bufsize, struct _s_x *table, char *delimiter)
concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
const char *delimiter)
{
struct _s_x *pt;
int l;
@ -788,7 +789,7 @@ print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set)
set &= ~list[i].x;
l = snprintf(buf, sz, "%s%s", comma, list[i].s);
if (l >= sz)
if (l < 0 || (size_t)l >= sz)
return;
comma = ",";
buf += l;
@ -856,13 +857,13 @@ print_port(struct buf_pr *bp, int proto, uint16_t port)
if (proto == IPPROTO_ETHERTYPE) {
char const *s;
if (co.do_resolv && (s = match_value(ether_types, port)) )
if (g_co.do_resolv && (s = match_value(ether_types, port)) )
bprintf(bp, "%s", s);
else
bprintf(bp, "0x%04x", port);
} else {
struct servent *se = NULL;
if (co.do_resolv) {
if (g_co.do_resolv) {
struct protoent *pe = getprotobynumber(proto);
se = getservbyport(htons(port), pe ? pe->p_name : NULL);
@ -893,9 +894,9 @@ static struct _s_x _port_name[] = {
* XXX todo: add support for mask.
*/
static void
print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode)
print_newports(struct buf_pr *bp, const ipfw_insn_u16 *cmd, int proto, int opcode)
{
uint16_t *p = cmd->ports;
const uint16_t *p = cmd->ports;
int i;
char const *sep;
@ -906,7 +907,7 @@ print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode)
bprintf(bp, " %s", sep);
}
sep = " ";
for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
bprintf(bp, "%s", sep);
print_port(bp, proto, p[0]);
if (p[0] != p[1]) {
@ -1134,7 +1135,7 @@ print_reject_code(struct buf_pr *bp, uint16_t code)
* len is the max length in bits.
*/
int
contigmask(uint8_t *p, int len)
contigmask(const uint8_t *p, int len)
{
int i, n;
@ -1152,7 +1153,7 @@ contigmask(uint8_t *p, int len)
* There is a specialized check for f_tcpflags.
*/
static void
print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd,
print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd,
struct _s_x *list)
{
char const *comma = "";
@ -1185,12 +1186,13 @@ print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd,
* Print the ip address contained in a command.
*/
static void
print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
print_ip(struct buf_pr *bp, const struct format_opts *fo,
const ipfw_insn_ip *cmd)
{
struct hostent *he = NULL;
struct in_addr *ia;
uint32_t len = F_LEN((ipfw_insn *)cmd);
uint32_t *a = ((ipfw_insn_u32 *)cmd)->d;
const struct in_addr *ia;
const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d;
uint32_t len = F_LEN((const ipfw_insn *)cmd);
char *t;
bprintf(bp, " ");
@ -1200,7 +1202,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
if (d < sizeof(lookup_key)/sizeof(lookup_key[0]))
arg = match_value(rule_options, lookup_key[d]);
t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
t = table_search_ctlv(fo->tstate,
((const ipfw_insn *)cmd)->arg1);
bprintf(bp, "lookup %s %s", arg, t);
return;
}
@ -1210,7 +1213,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
}
if (cmd->o.opcode == O_IP_SRC_LOOKUP ||
cmd->o.opcode == O_IP_DST_LOOKUP) {
t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
t = table_search_ctlv(fo->tstate,
((const ipfw_insn *)cmd)->arg1);
bprintf(bp, "table(%s", t);
if (len == F_INSN_SIZE(ipfw_insn_u32))
bprintf(bp, ",%u", *a);
@ -1218,16 +1222,18 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
return;
}
if (cmd->o.opcode == O_IP_SRC_SET || cmd->o.opcode == O_IP_DST_SET) {
uint32_t x, *map = (uint32_t *)&(cmd->mask);
const uint32_t *map = (const uint32_t *)&cmd->mask;
struct in_addr addr;
uint32_t x;
int i, j;
char comma = '{';
x = cmd->o.arg1 - 1;
x = htonl( ~x );
cmd->addr.s_addr = htonl(cmd->addr.s_addr);
bprintf(bp, "%s/%d", inet_ntoa(cmd->addr),
contigmask((uint8_t *)&x, 32));
x = cmd->addr.s_addr = htonl(cmd->addr.s_addr);
x = htonl(~x);
addr.s_addr = htonl(cmd->addr.s_addr);
bprintf(bp, "%s/%d", inet_ntoa(addr),
contigmask((uint8_t *)&x, 32));
x = cmd->addr.s_addr;
x &= 0xff; /* base */
/*
* Print bits and ranges.
@ -1258,19 +1264,19 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
for (len = len / 2; len > 0; len--, a += 2) {
int mb = /* mask length */
(cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
32 : contigmask((uint8_t *)&(a[1]), 32);
if (mb == 32 && co.do_resolv)
he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
32 : contigmask((const uint8_t *)&(a[1]), 32);
if (mb == 32 && g_co.do_resolv)
he = gethostbyaddr((const char *)&(a[0]), sizeof(in_addr_t),
AF_INET);
if (he != NULL) /* resolved to name */
bprintf(bp, "%s", he->h_name);
else if (mb == 0) /* any */
bprintf(bp, "any");
else { /* numeric IP followed by some kind of mask */
ia = (struct in_addr *)&a[0];
ia = (const struct in_addr *)&a[0];
bprintf(bp, "%s", inet_ntoa(*ia));
if (mb < 0) {
ia = (struct in_addr *)&a[1];
ia = (const struct in_addr *)&a[1];
bprintf(bp, ":%s", inet_ntoa(*ia));
} else if (mb < 32)
bprintf(bp, "/%d", mb);
@ -1284,7 +1290,7 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
* prints a MAC address/mask pair
*/
static void
format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask)
format_mac(struct buf_pr *bp, const uint8_t *addr, const uint8_t *mask)
{
int l = contigmask(mask, 48);
@ -1303,7 +1309,7 @@ format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask)
}
static void
print_mac(struct buf_pr *bp, ipfw_insn_mac *mac)
print_mac(struct buf_pr *bp, const ipfw_insn_mac *mac)
{
bprintf(bp, " MAC");
@ -1336,7 +1342,7 @@ fill_icmptypes(ipfw_insn_u32 *cmd, char *av)
}
static void
print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
print_icmptypes(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
int i;
char sep= ' ';
@ -1351,12 +1357,12 @@ print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
static void
print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
print_dscp(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
int i = 0;
uint32_t *v;
char sep= ' ';
const uint32_t *v;
const char *code;
int i = 0;
char sep= ' ';
bprintf(bp, " dscp");
v = cmd->d;
@ -1374,7 +1380,7 @@ print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
}
#define insntod(cmd, type) ((ipfw_insn_ ## type *)(cmd))
#define insntod(cmd, type) ((const ipfw_insn_ ## type *)(cmd))
struct show_state {
struct ip_fw_rule *rule;
const ipfw_insn *eaction;
@ -1443,7 +1449,7 @@ print_limit_mask(struct buf_pr *bp, const ipfw_insn_limit *limit)
static int
print_instruction(struct buf_pr *bp, const struct format_opts *fo,
struct show_state *state, ipfw_insn *cmd)
struct show_state *state, const ipfw_insn *cmd)
{
struct protoent *pe;
struct passwd *pwd;
@ -1685,7 +1691,7 @@ print_instruction(struct buf_pr *bp, const struct format_opts *fo,
bprintf(bp, " ipsec");
break;
case O_NOP:
bprintf(bp, " // %s", (char *)(cmd + 1));
bprintf(bp, " // %s", (const char *)(cmd + 1));
break;
case O_KEEP_STATE:
if (state->flags & HAVE_PROBE_STATE)
@ -1777,8 +1783,8 @@ static void
print_fwd(struct buf_pr *bp, const ipfw_insn *cmd)
{
char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
ipfw_insn_sa6 *sa6;
ipfw_insn_sa *sa;
const ipfw_insn_sa6 *sa6;
const ipfw_insn_sa *sa;
uint16_t port;
if (cmd->opcode == O_FORWARD_IP) {
@ -2056,7 +2062,7 @@ print_proto(struct buf_pr *bp, struct format_opts *fo,
static int
match_opcode(int opcode, const int opcodes[], size_t nops)
{
int i;
size_t i;
for (i = 0; i < nops; i++)
if (opcode == opcodes[i])
@ -2138,10 +2144,10 @@ static void
show_static_rule(struct cmdline_opts *co, struct format_opts *fo,
struct buf_pr *bp, struct ip_fw_rule *rule, struct ip_fw_bcounter *cntr)
{
static int twidth = 0;
struct show_state state;
ipfw_insn *cmd;
static int twidth = 0;
int i;
size_t i;
/* Print # DISABLED or skip the rule */
if ((fo->set_mask & (1 << rule->set)) == 0) {
@ -2361,7 +2367,7 @@ void
ipfw_sets_handler(char *av[])
{
ipfw_range_tlv rt;
char *msg;
const char *msg;
size_t size;
uint32_t masks[2];
int i;
@ -2378,7 +2384,7 @@ ipfw_sets_handler(char *av[])
ipfw_cfg_lheader *cfg;
memset(&fo, 0, sizeof(fo));
if (ipfw_get_config(&co, &fo, &cfg, &size) != 0)
if (ipfw_get_config(&g_co, &fo, &cfg, &size) != 0)
err(EX_OSERR, "requesting config failed");
for (i = 0, msg = "disable"; i < RESVD_SET; i++)
@ -2507,7 +2513,7 @@ typedef void state_cb(struct cmdline_opts *co, struct format_opts *fo,
static void
prepare_format_dyn(struct cmdline_opts *co, struct format_opts *fo,
void *arg, void *_state)
void *arg __unused, void *_state)
{
ipfw_dyn_rule *d;
int width;
@ -2701,11 +2707,11 @@ ipfw_list(int ac, char *av[], int show_counters)
uint32_t rnum;
char *endptr;
if (co.test_only) {
if (g_co.test_only) {
fprintf(stderr, "Testing only, list disabled\n");
return;
}
if (co.do_pipe) {
if (g_co.do_pipe) {
dummynet_list(ac, av, show_counters);
return;
}
@ -2731,17 +2737,17 @@ ipfw_list(int ac, char *av[], int show_counters)
/* get configuraion from kernel */
cfg = NULL;
sfo.show_counters = show_counters;
sfo.show_time = co.do_time;
if (co.do_dynamic != 2)
sfo.show_time = g_co.do_time;
if (g_co.do_dynamic != 2)
sfo.flags |= IPFW_CFG_GET_STATIC;
if (co.do_dynamic != 0)
if (g_co.do_dynamic != 0)
sfo.flags |= IPFW_CFG_GET_STATES;
if ((sfo.show_counters | sfo.show_time) != 0)
sfo.flags |= IPFW_CFG_GET_COUNTERS;
if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0)
if (ipfw_get_config(&g_co, &sfo, &cfg, &sz) != 0)
err(EX_OSERR, "retrieving config failed");
error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av);
error = ipfw_show_config(&g_co, &sfo, cfg, sz, ac, av);
free(cfg);
@ -2974,7 +2980,8 @@ ipfw_check_object_name(const char *name)
return (0);
}
static char *default_state_name = "default";
static const char *default_state_name = "default";
static int
state_check_name(const char *name)
{
@ -3000,10 +3007,10 @@ eaction_check_name(const char *name)
}
static uint16_t
pack_object(struct tidx *tstate, char *name, int otype)
pack_object(struct tidx *tstate, const char *name, int otype)
{
int i;
ipfw_obj_ntlv *ntlv;
uint32_t i;
for (i = 0; i < tstate->count; i++) {
if (strcmp(tstate->idx[i].name, name) != 0)
@ -3037,7 +3044,7 @@ pack_object(struct tidx *tstate, char *name, int otype)
}
static uint16_t
pack_table(struct tidx *tstate, char *name)
pack_table(struct tidx *tstate, const char *name)
{
if (table_check_name(name) != 0)
@ -3116,7 +3123,7 @@ fill_ip(ipfw_insn_ip *cmd, char *av, int cblen, struct tidx *tstate)
int masklen;
char md, nd = '\0';
CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn) + 2 + len);
CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn) + 2 + len);
if (p) {
md = *p;
@ -3314,7 +3321,7 @@ ipfw_delete(char *av[])
/* Do not allow using the following syntax:
* ipfw set N delete set M
*/
if (co.use_set)
if (g_co.use_set)
errx(EX_DATAERR, "invalid syntax");
do_set = 1; /* delete set */
av++;
@ -3327,10 +3334,10 @@ ipfw_delete(char *av[])
if (*sep== '-')
j = strtol(sep + 1, NULL, 10);
av++;
if (co.do_nat) {
if (g_co.do_nat) {
exitval = ipfw_delete_nat(i);
} else if (co.do_pipe) {
exitval = ipfw_delete_pipe(co.do_pipe, i);
} else if (g_co.do_pipe) {
exitval = ipfw_delete_pipe(g_co.do_pipe, i);
} else {
memset(&rt, 0, sizeof(rt));
if (do_set != 0) {
@ -3343,24 +3350,24 @@ ipfw_delete(char *av[])
rt.flags |= IPFW_RCFLAG_ALL;
else
rt.flags |= IPFW_RCFLAG_RANGE;
if (co.use_set != 0) {
rt.set = co.use_set - 1;
if (g_co.use_set != 0) {
rt.set = g_co.use_set - 1;
rt.flags |= IPFW_RCFLAG_SET;
}
}
if (co.do_dynamic == 2)
if (g_co.do_dynamic == 2)
rt.flags |= IPFW_RCFLAG_DYNAMIC;
i = do_range_cmd(IP_FW_XDEL, &rt);
if (i != 0) {
exitval = EX_UNAVAILABLE;
if (co.do_quiet)
if (g_co.do_quiet)
continue;
warn("rule %u: setsockopt(IP_FW_XDEL)",
rt.start_rule);
} else if (rt.new_set == 0 && do_set == 0 &&
co.do_dynamic != 2) {
g_co.do_dynamic != 2) {
exitval = EX_UNAVAILABLE;
if (co.do_quiet)
if (g_co.do_quiet)
continue;
if (rt.start_rule != rt.end_rule)
warnx("no rules rules in %u-%u range",
@ -3371,7 +3378,7 @@ ipfw_delete(char *av[])
}
}
}
if (exitval != EX_OK && co.do_force == 0)
if (exitval != EX_OK && g_co.do_force == 0)
exit(exitval);
}
@ -3696,7 +3703,7 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
struct in6_addr a;
char *host, *ch, buf[INET6_ADDRSTRLEN];
ipfw_insn *ret = NULL;
int len;
size_t len;
/* Copy first address in set if needed */
if ((ch = strpbrk(av, "/,")) != NULL) {
@ -3727,7 +3734,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
struct in6_addr a;
char *host, *ch, buf[INET6_ADDRSTRLEN];
ipfw_insn *ret = NULL;
int len;
size_t len;
/* Copy first address in set if needed */
if ((ch = strpbrk(av, "/,")) != NULL) {
@ -3764,7 +3771,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
* various match patterns, log/altq actions, and the actual action.
*
*/
void
static void
compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate)
{
/*
@ -4250,7 +4257,7 @@ chkarg:
len = sizeof(c->max_log);
if (sysctlbyname("net.inet.ip.fw.verbose_limit",
&c->max_log, &len, NULL, 0) == -1) {
if (co.test_only) {
if (g_co.test_only) {
c->max_log = 0;
break;
}
@ -5138,10 +5145,10 @@ done:
static int
compare_ntlv(const void *_a, const void *_b)
{
ipfw_obj_ntlv *a, *b;
const ipfw_obj_ntlv *a, *b;
a = (ipfw_obj_ntlv *)_a;
b = (ipfw_obj_ntlv *)_b;
a = (const ipfw_obj_ntlv *)_a;
b = (const ipfw_obj_ntlv *)_b;
if (a->set < b->set)
return (-1);
@ -5178,11 +5185,11 @@ struct object_kt {
static int
compare_object_kntlv(const void *k, const void *v)
{
ipfw_obj_ntlv *ntlv;
const ipfw_obj_ntlv *ntlv;
struct object_kt key;
key = *((struct object_kt *)k);
ntlv = (ipfw_obj_ntlv *)v;
key = *((const struct object_kt *)k);
ntlv = (const ipfw_obj_ntlv *)v;
if (key.uidx < ntlv->idx)
return (-1);
@ -5318,14 +5325,14 @@ ipfw_add(char *av[])
if (do_get3(IP_FW_XADD, op3, &sz) != 0)
err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_XADD");
if (!co.do_quiet) {
if (!g_co.do_quiet) {
struct format_opts sfo;
struct buf_pr bp;
memset(&sfo, 0, sizeof(sfo));
sfo.tstate = tstate;
sfo.set_mask = (uint32_t)(-1);
bp_alloc(&bp, 4096);
show_static_rule(&co, &sfo, &bp, rule, NULL);
show_static_rule(&g_co, &sfo, &bp, rule, NULL);
printf("%s", bp.buf);
bp_free(&bp);
}
@ -5361,7 +5368,7 @@ ipfw_zero(int ac, char *av[], int optname)
rt.flags = IPFW_RCFLAG_ALL;
if (do_range_cmd(optname, &rt) < 0)
err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name);
if (!co.do_quiet)
if (!g_co.do_quiet)
printf("%s.\n", optname == IP_FW_XZERO ?
"Accounting cleared":"Logging counts reset");
@ -5379,8 +5386,8 @@ ipfw_zero(int ac, char *av[], int optname)
rt.start_rule = arg;
rt.end_rule = arg;
rt.flags |= IPFW_RCFLAG_RANGE;
if (co.use_set != 0) {
rt.set = co.use_set - 1;
if (g_co.use_set != 0) {
rt.set = g_co.use_set - 1;
rt.flags |= IPFW_RCFLAG_SET;
}
if (do_range_cmd(optname, &rt) != 0) {
@ -5390,7 +5397,7 @@ ipfw_zero(int ac, char *av[], int optname)
} else if (rt.new_set == 0) {
printf("Entry %d not found\n", arg);
failed = EX_UNAVAILABLE;
} else if (!co.do_quiet)
} else if (!g_co.do_quiet)
printf("Entry %d %s.\n", arg,
optname == IP_FW_XZERO ?
"cleared" : "logging count reset");
@ -5408,7 +5415,7 @@ ipfw_flush(int force)
{
ipfw_range_tlv rt;
if (!force && !co.do_quiet) { /* need to ask user */
if (!force && !g_co.do_quiet) { /* need to ask user */
int c;
printf("Are you sure? [yn] ");
@ -5423,21 +5430,21 @@ ipfw_flush(int force)
if (c == 'N') /* user said no */
return;
}
if (co.do_pipe) {
if (g_co.do_pipe) {
dummynet_flush();
return;
}
/* `ipfw set N flush` - is the same that `ipfw delete set N` */
memset(&rt, 0, sizeof(rt));
if (co.use_set != 0) {
rt.set = co.use_set - 1;
if (g_co.use_set != 0) {
rt.set = g_co.use_set - 1;
rt.flags = IPFW_RCFLAG_SET;
} else
rt.flags = IPFW_RCFLAG_ALL;
if (do_range_cmd(IP_FW_XDEL, &rt) != 0)
err(EX_UNAVAILABLE, "setsockopt(IP_FW_XDEL)");
if (!co.do_quiet)
printf("Flushed all %s.\n", co.do_pipe ? "pipes" : "rules");
if (!g_co.do_quiet)
printf("Flushed all %s.\n", g_co.do_pipe ? "pipes" : "rules");
}
static struct _s_x intcmds[] = {
@ -5473,13 +5480,13 @@ lookup_eaction_name(ipfw_obj_ntlv *ntlv, int cnt, uint16_t type)
}
static void
ipfw_list_objects(int ac, char *av[])
ipfw_list_objects(int ac __unused, char *av[] __unused)
{
ipfw_obj_lheader req, *olh;
ipfw_obj_ntlv *ntlv;
const char *name;
size_t sz;
int i;
uint32_t i;
memset(&req, 0, sizeof(req));
sz = sizeof(req);
@ -5577,10 +5584,10 @@ ipfw_get_tracked_ifaces(ipfw_obj_lheader **polh)
static int
ifinfo_cmp(const void *a, const void *b)
{
ipfw_iface_info *ia, *ib;
const ipfw_iface_info *ia, *ib;
ia = (ipfw_iface_info *)a;
ib = (ipfw_iface_info *)b;
ia = (const ipfw_iface_info *)a;
ib = (const ipfw_iface_info *)b;
return (stringnum_cmp(ia->ifname, ib->ifname));
}
@ -5591,11 +5598,12 @@ ifinfo_cmp(const void *a, const void *b)
* Returns 0 on success.
*/
static void
ipfw_list_tifaces()
ipfw_list_tifaces(void)
{
ipfw_obj_lheader *olh;
ipfw_iface_info *info;
int i, error;
uint32_t i;
int error;
if ((error = ipfw_get_tracked_ifaces(&olh)) != 0)
err(EX_OSERR, "Unable to request ipfw tracked interface list");

20
sbin/ipfw/ipfw2.h
View file

@ -51,7 +51,7 @@ struct cmdline_opts {
int do_sort; /* field to sort results (0 = no) */
/* valid fields are 1 and above */
int use_set; /* work with specified set number */
uint32_t use_set; /* work with specified set number */
/* 0 means all sets, otherwise apply to set use_set - 1 */
};
@ -62,7 +62,7 @@ enum {
TIMESTAMP_NUMERIC,
};
extern struct cmdline_opts co;
extern struct cmdline_opts g_co;
/*
* _s_x is a structure that stores a string <-> token pairs, used in
@ -331,7 +331,7 @@ struct buf_pr {
int pr_u64(struct buf_pr *bp, uint64_t *pd, int width);
int bp_alloc(struct buf_pr *b, size_t size);
void bp_free(struct buf_pr *b);
int bprintf(struct buf_pr *b, char *format, ...);
int bprintf(struct buf_pr *b, const char *format, ...);
/* memory allocation support */
@ -349,7 +349,7 @@ int match_token_relaxed(struct _s_x *table, const char *string);
int get_token(struct _s_x *table, const char *string, const char *errbase);
char const *match_value(struct _s_x *p, int value);
size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
char *delimiter);
const char *delimiter);
int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set,
uint32_t *clear);
void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set);
@ -361,7 +361,7 @@ int do_get3(int optname, struct _ip_fw3_opheader *op3, size_t *optlen);
struct in6_addr;
void n2mask(struct in6_addr *mask, int n);
int contigmask(uint8_t *p, int len);
int contigmask(const uint8_t *p, int len);
/*
* Forward declarations to avoid include way too many headers.
@ -409,7 +409,7 @@ int ipfw_check_nat64prefix(const struct in6_addr *prefix, int length);
/* altq.c */
void altq_set_enabled(int enabled);
u_int32_t altq_name_to_qid(const char *name);
void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr);
void print_altq_cmd(struct buf_pr *bp, const struct _ipfw_insn_altq *altqptr);
#else
#define NO_ALTQ
#endif
@ -421,10 +421,10 @@ int ipfw_delete_pipe(int pipe_or_queue, int n);
/* ipv6.c */
void print_unreach6_code(struct buf_pr *bp, uint16_t code);
void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd);
void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );
void print_ip6(struct buf_pr *bp, const struct _ipfw_insn_ip6 *cmd);
void print_flow6id(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
void print_icmp6types(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
void print_ext6hdr(struct buf_pr *bp, const struct _ipfw_insn *cmd);
struct tidx;
struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,

27
sbin/ipfw/ipv6.c
View file

@ -85,14 +85,14 @@ print_unreach6_code(struct buf_pr *bp, uint16_t code)
* Print the ip address contained in a command.
*/
void
print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
print_ip6(struct buf_pr *bp, const ipfw_insn_ip6 *cmd)
{
char trad[255];
struct hostent *he = NULL;
struct in6_addr *a = &(cmd->addr6);
const struct in6_addr *a = &(cmd->addr6);
int len, mb;
len = F_LEN((ipfw_insn *) cmd) - 1;
len = F_LEN((const ipfw_insn *)cmd) - 1;
if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) {
bprintf(bp, " me6");
return;
@ -112,10 +112,11 @@ print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
/* mask length */
mb = (cmd->o.opcode == O_IP6_SRC ||
cmd->o.opcode == O_IP6_DST) ? 128:
contigmask((uint8_t *)&(a[1]), 128);
contigmask((const uint8_t *)&(a[1]), 128);
if (mb == 128 && co.do_resolv)
he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
if (mb == 128 && g_co.do_resolv)
he = gethostbyaddr((const char *)a, sizeof(*a),
AF_INET6);
if (he != NULL) /* resolved to name */
bprintf(bp, "%s", he->h_name);
@ -142,7 +143,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cblen)
{
uint8_t type;
CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_icmp6));
CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn_icmp6));
memset(cmd, 0, sizeof(*cmd));
while (*av) {
if (*av == ',')
@ -165,7 +166,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cblen)
}
void
print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd)
print_icmp6types(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
int i, j;
char sep= ' ';
@ -181,7 +182,7 @@ print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
void
print_flow6id(struct buf_pr *bp, ipfw_insn_u32 *cmd)
print_flow6id(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
uint16_t i, limit = cmd->o.arg1;
char sep = ',';
@ -257,7 +258,7 @@ fill_ext6hdr( ipfw_insn *cmd, char *av)
}
void
print_ext6hdr(struct buf_pr *bp, ipfw_insn *cmd )
print_ext6hdr(struct buf_pr *bp, const ipfw_insn *cmd )
{
char sep = ' ';
@ -364,7 +365,8 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, struct tidx *tstate)
int masklen;
char md = '\0';
CHECK_LENGTH(cblen, 1 + len + 2 * F_INSN_SIZE(struct in6_addr));
CHECK_LENGTH(cblen,
1 + len + 2 * (int)F_INSN_SIZE(struct in6_addr));
if ((q = strchr(av, ',')) ) {
*q = '\0';
@ -453,7 +455,8 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av, int cblen)
cmd->d[0] = 0; /* Initializing the base number*/
while (s) {
CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
CHECK_LENGTH(cblen,
(int)F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
av = strsep( &s, ",") ;
type = strtoul(av, &av, 0);

84
sbin/ipfw/main.c
View file

@ -226,8 +226,8 @@ ipfw_main(int oldac, char **oldav)
av[ac] = NULL;
/* Set the force flag for non-interactive processes */
if (!co.do_force)
co.do_force = !isatty(STDIN_FILENO);
if (!g_co.do_force)
g_co.do_force = !isatty(STDIN_FILENO);
#ifdef EMULATE_SYSCTL /* sysctl emulation */
if ( ac >= 2 && !strcmp(av[1], "sysctl")) {
@ -269,20 +269,20 @@ ipfw_main(int oldac, char **oldav)
break;
case 'b':
co.comment_only = 1;
co.do_compact = 1;
g_co.comment_only = 1;
g_co.do_compact = 1;
break;
case 'c':
co.do_compact = 1;
g_co.do_compact = 1;
break;
case 'd':
co.do_dynamic = 1;
g_co.do_dynamic = 1;
break;
case 'D':
co.do_dynamic = 2;
g_co.do_dynamic = 2;
break;
case 'e':
@ -290,7 +290,7 @@ ipfw_main(int oldac, char **oldav)
break;
case 'f':
co.do_force = 1;
g_co.do_force = 1;
break;
case 'h': /* help */
@ -299,15 +299,15 @@ ipfw_main(int oldac, char **oldav)
break; /* NOTREACHED */
case 'i':
co.do_value_as_ip = 1;
g_co.do_value_as_ip = 1;
break;
case 'n':
co.test_only = 1;
g_co.test_only = 1;
break;
case 'N':
co.do_resolv = 1;
g_co.do_resolv = 1;
break;
case 'p':
@ -316,27 +316,27 @@ ipfw_main(int oldac, char **oldav)
/* NOTREACHED */
case 'q':
co.do_quiet = 1;
g_co.do_quiet = 1;
break;
case 's': /* sort */
co.do_sort = atoi(optarg);
g_co.do_sort = atoi(optarg);
break;
case 'S':
co.show_sets = 1;
g_co.show_sets = 1;
break;
case 't':
co.do_time = TIMESTAMP_STRING;
g_co.do_time = TIMESTAMP_STRING;
break;
case 'T':
co.do_time = TIMESTAMP_NUMERIC;
g_co.do_time = TIMESTAMP_NUMERIC;
break;
case 'v': /* verbose */
co.verbose = 1;
g_co.verbose = 1;
break;
default:
@ -363,31 +363,31 @@ ipfw_main(int oldac, char **oldav)
/*
* Optional: pipe, queue or nat.
*/
co.do_nat = 0;
co.do_pipe = 0;
co.use_set = 0;
g_co.do_nat = 0;
g_co.do_pipe = 0;
g_co.use_set = 0;
if (!strncmp(*av, "nat", strlen(*av)))
co.do_nat = 1;
else if (!strncmp(*av, "pipe", strlen(*av)))
co.do_pipe = 1;
g_co.do_nat = 1;
else if (!strncmp(*av, "pipe", strlen(*av)))
g_co.do_pipe = 1;
else if (_substrcmp(*av, "queue") == 0)
co.do_pipe = 2;
g_co.do_pipe = 2;
else if (_substrcmp(*av, "flowset") == 0)
co.do_pipe = 2;
g_co.do_pipe = 2;
else if (_substrcmp(*av, "sched") == 0)
co.do_pipe = 3;
g_co.do_pipe = 3;
else if (!strncmp(*av, "set", strlen(*av))) {
if (ac > 1 && isdigit(av[1][0])) {
co.use_set = strtonum(av[1], 0, resvd_set_number,
g_co.use_set = strtonum(av[1], 0, resvd_set_number,
&errstr);
if (errstr)
errx(EX_DATAERR,
"invalid set number %s\n", av[1]);
ac -= 2; av += 2; co.use_set++;
ac -= 2; av += 2; g_co.use_set++;
}
}
if (co.do_pipe || co.do_nat) {
if (g_co.do_pipe || g_co.do_nat) {
ac--;
av++;
}
@ -398,21 +398,21 @@ ipfw_main(int oldac, char **oldav)
* but the code is easier to parse as 'nat|pipe config NN'
* so we swap the two arguments.
*/
if ((co.do_pipe || co.do_nat) && ac > 1 && isdigit(*av[0])) {
if ((g_co.do_pipe || g_co.do_nat) && ac > 1 && isdigit(*av[0])) {
char *p = av[0];
av[0] = av[1];
av[1] = p;
}
if (co.use_set == 0) {
if (g_co.use_set == 0) {
if (_substrcmp(*av, "add") == 0)
ipfw_add(av);
else if (co.do_nat && _substrcmp(*av, "show") == 0)
else if (g_co.do_nat && _substrcmp(*av, "show") == 0)
ipfw_show_nat(ac, av);
else if (co.do_pipe && _substrcmp(*av, "config") == 0)
else if (g_co.do_pipe && _substrcmp(*av, "config") == 0)
ipfw_config_pipe(ac, av);
else if (co.do_nat && _substrcmp(*av, "config") == 0)
else if (g_co.do_nat && _substrcmp(*av, "config") == 0)
ipfw_config_nat(ac, av);
else if (_substrcmp(*av, "set") == 0)
ipfw_sets_handler(av);
@ -426,7 +426,7 @@ ipfw_main(int oldac, char **oldav)
try_next = 1;
}
if (co.use_set || try_next) {
if (g_co.use_set || try_next) {
if (_substrcmp(*av, "delete") == 0)
ipfw_delete(av);
else if (!strncmp(*av, "nat64clat", strlen(*av)))
@ -438,7 +438,7 @@ ipfw_main(int oldac, char **oldav)
else if (!strncmp(*av, "nptv6", strlen(*av)))
ipfw_nptv6_handler(ac, av);
else if (_substrcmp(*av, "flush") == 0)
ipfw_flush(co.do_force);
ipfw_flush(g_co.do_force);
else if (_substrcmp(*av, "zero") == 0)
ipfw_zero(ac, av, 0 /* IP_FW_ZERO */);
else if (_substrcmp(*av, "resetlog") == 0)
@ -477,19 +477,19 @@ ipfw_readfile(int ac, char *av[])
while ((c = getopt(ac, av, "cfNnp:qS")) != -1) {
switch(c) {
case 'c':
co.do_compact = 1;
g_co.do_compact = 1;
break;
case 'f':
co.do_force = 1;
g_co.do_force = 1;
break;
case 'N':
co.do_resolv = 1;
g_co.do_resolv = 1;
break;
case 'n':
co.test_only = 1;
g_co.test_only = 1;
break;
case 'p':
@ -518,11 +518,11 @@ ipfw_readfile(int ac, char *av[])
break;
case 'q':
co.do_quiet = 1;
g_co.do_quiet = 1;
break;
case 'S':
co.show_sets = 1;
g_co.show_sets = 1;
break;
default:

26
sbin/ipfw/nat.c
View file

@ -117,7 +117,7 @@ set_addr_dynamic(const char *ifn, struct nat44_cfg_nat *n)
ifm = (struct if_msghdr *)next;
next += ifm->ifm_msglen;
if (ifm->ifm_version != RTM_VERSION) {
if (co.verbose)
if (g_co.verbose)
warnx("routing message version %d "
"not understood", ifm->ifm_version);
continue;
@ -141,7 +141,7 @@ set_addr_dynamic(const char *ifn, struct nat44_cfg_nat *n)
ifam = (struct ifa_msghdr *)next;
next += ifam->ifam_msglen;
if (ifam->ifam_version != RTM_VERSION) {
if (co.verbose)
if (g_co.verbose)
warnx("routing message version %d "
"not understood", ifam->ifam_version);
continue;
@ -623,7 +623,7 @@ setup_redir_proto(char *buf, int *ac, char ***av)
}
static void
nat_show_log(struct nat44_cfg_nat *n, void *arg)
nat_show_log(struct nat44_cfg_nat *n, void *arg __unused)
{
char *buf;
@ -633,13 +633,14 @@ nat_show_log(struct nat44_cfg_nat *n, void *arg)
}
static void
nat_show_cfg(struct nat44_cfg_nat *n, void *arg)
nat_show_cfg(struct nat44_cfg_nat *n, void *arg __unused)
{
int i, cnt, off;
struct nat44_cfg_redir *t;
struct nat44_cfg_spool *s;
caddr_t buf;
struct protoent *p;
uint32_t cnt;
int i, off;
buf = (caddr_t)n;
off = sizeof(*n);
@ -931,7 +932,7 @@ ipfw_config_nat(int ac, char **av)
if (i != 0)
err(1, "setsockopt(%s)", "IP_FW_NAT44_XCONFIG");
if (!co.do_quiet) {
if (!g_co.do_quiet) {
/* After every modification, we show the resultant rule. */
int _ac = 3;
const char *_av[] = {"show", "config", id};
@ -960,7 +961,7 @@ ipfw_delete_nat(int i)
nat_fill_ntlv(&oh.ntlv, i);
ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh));
if (ret == -1) {
if (!co.do_quiet)
if (!g_co.do_quiet)
warn("nat %u not available", i);
return (EX_UNAVAILABLE);
}
@ -1012,10 +1013,10 @@ nat_show_data(struct nat44_cfg_nat *cfg, void *arg)
static int
natname_cmp(const void *a, const void *b)
{
struct nat44_cfg_nat *ia, *ib;
const struct nat44_cfg_nat *ia, *ib;
ia = (struct nat44_cfg_nat *)a;
ib = (struct nat44_cfg_nat *)b;
ia = (const struct nat44_cfg_nat *)a;
ib = (const struct nat44_cfg_nat *)b;
return (stringnum_cmp(ia->name, ib->name));
}
@ -1031,7 +1032,8 @@ nat_foreach(nat_cb_t *f, void *arg, int sort)
ipfw_obj_lheader *olh;
struct nat44_cfg_nat *cfg;
size_t sz;
int i, error;
uint32_t i;
int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(struct nat44_cfg_nat);
@ -1110,7 +1112,7 @@ ipfw_show_nat(int ac, char **av)
ac--;
av++;
if (co.test_only)
if (g_co.test_only)
return;
/* Parse parameters. */

24
sbin/ipfw/nat64clat.c
View file

@ -96,8 +96,8 @@ ipfw_nat64clat_handler(int ac, char *av[])
int tcmd;
uint8_t set;
if (co.use_set != 0)
set = co.use_set - 1;
if (g_co.use_set != 0)
set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@ -389,7 +389,7 @@ nat64clat_stats(const char *name, uint8_t set)
if (nat64clat_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
if (co.use_set != 0 || set != 0)
if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nat64clat %s\n", name);
@ -438,10 +438,10 @@ nat64clat_show_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
if (co.use_set != 0 || cfg->set != 0)
if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
inet_ntop(AF_INET6, &cfg->clat_prefix, clat_buf, sizeof(clat_buf));
@ -457,10 +457,11 @@ nat64clat_show_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
}
static int
nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name __unused,
uint8_t set)
{
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nat64clat_destroy(cfg->name, cfg->set);
@ -475,10 +476,10 @@ nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
static int
nat64name_cmp(const void *a, const void *b)
{
ipfw_nat64clat_cfg *ca, *cb;
const ipfw_nat64clat_cfg *ca, *cb;
ca = (ipfw_nat64clat_cfg *)a;
cb = (ipfw_nat64clat_cfg *)b;
ca = (const ipfw_nat64clat_cfg *)a;
cb = (const ipfw_nat64clat_cfg *)b;
if (ca->set > cb->set)
return (1);
@ -500,7 +501,8 @@ nat64clat_foreach(nat64clat_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nat64clat_cfg *cfg;
size_t sz;
int i, error;
uint32_t i;
int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(*cfg);

48
sbin/ipfw/nat64lsn.c
View file

@ -84,13 +84,15 @@ static uint64_t
nat64lsn_print_states(void *buf)
{
char s[INET6_ADDRSTRLEN], a[INET_ADDRSTRLEN], f[INET_ADDRSTRLEN];
char sflags[4], *sf, *proto;
const char *proto;
char sflags[4], *sf;
ipfw_obj_header *oh;
ipfw_obj_data *od;
ipfw_nat64lsn_stg_v1 *stg;
ipfw_nat64lsn_state_v1 *ste;
uint64_t next_idx;
int i, sz;
uint32_t i;
int sz;
oh = (ipfw_obj_header *)buf;
od = (ipfw_obj_data *)(oh + 1);
@ -256,8 +258,8 @@ ipfw_nat64lsn_handler(int ac, char *av[])
int tcmd;
uint8_t set;
if (co.use_set != 0)
set = co.use_set - 1;
if (g_co.use_set != 0)
set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@ -704,7 +706,7 @@ nat64lsn_stats(const char *name, uint8_t set)
if (nat64lsn_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
if (co.use_set != 0 || set != 0)
if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nat64lsn %s\n", name);
printf("\t%ju packets translated from IPv6 to IPv4\n",
@ -769,32 +771,32 @@ nat64lsn_show_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
if (co.use_set != 0 || cfg->set != 0)
if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
inet_ntop(AF_INET, &cfg->prefix4, abuf, sizeof(abuf));
printf("nat64lsn %s prefix4 %s/%u", cfg->name, abuf, cfg->plen4);
inet_ntop(AF_INET6, &cfg->prefix6, abuf, sizeof(abuf));
printf(" prefix6 %s/%u", abuf, cfg->plen6);
if (co.verbose || cfg->states_chunks > 1)
if (g_co.verbose || cfg->states_chunks > 1)
printf(" states_chunks %u", cfg->states_chunks);
if (co.verbose || cfg->nh_delete_delay != NAT64LSN_HOST_AGE)
if (g_co.verbose || cfg->nh_delete_delay != NAT64LSN_HOST_AGE)
printf(" host_del_age %u", cfg->nh_delete_delay);
if (co.verbose || cfg->pg_delete_delay != NAT64LSN_PG_AGE)
if (g_co.verbose || cfg->pg_delete_delay != NAT64LSN_PG_AGE)
printf(" pg_del_age %u", cfg->pg_delete_delay);
if (co.verbose || cfg->st_syn_ttl != NAT64LSN_TCP_SYN_AGE)
if (g_co.verbose || cfg->st_syn_ttl != NAT64LSN_TCP_SYN_AGE)
printf(" tcp_syn_age %u", cfg->st_syn_ttl);
if (co.verbose || cfg->st_close_ttl != NAT64LSN_TCP_FIN_AGE)
if (g_co.verbose || cfg->st_close_ttl != NAT64LSN_TCP_FIN_AGE)
printf(" tcp_close_age %u", cfg->st_close_ttl);
if (co.verbose || cfg->st_estab_ttl != NAT64LSN_TCP_EST_AGE)
if (g_co.verbose || cfg->st_estab_ttl != NAT64LSN_TCP_EST_AGE)
printf(" tcp_est_age %u", cfg->st_estab_ttl);
if (co.verbose || cfg->st_udp_ttl != NAT64LSN_UDP_AGE)
if (g_co.verbose || cfg->st_udp_ttl != NAT64LSN_UDP_AGE)
printf(" udp_age %u", cfg->st_udp_ttl);
if (co.verbose || cfg->st_icmp_ttl != NAT64LSN_ICMP_AGE)
if (g_co.verbose || cfg->st_icmp_ttl != NAT64LSN_ICMP_AGE)
printf(" icmp_age %u", cfg->st_icmp_ttl);
if (co.verbose || cfg->jmaxlen != NAT64LSN_JMAXLEN)
if (g_co.verbose || cfg->jmaxlen != NAT64LSN_JMAXLEN)
printf(" jmaxlen %u", cfg->jmaxlen);
if (cfg->flags & NAT64_LOG)
printf(" log");
@ -805,10 +807,11 @@ nat64lsn_show_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
}
static int
nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name __unused,
uint8_t set)
{
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nat64lsn_destroy(cfg->name, cfg->set);
@ -823,10 +826,10 @@ nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
static int
nat64name_cmp(const void *a, const void *b)
{
ipfw_nat64lsn_cfg *ca, *cb;
const ipfw_nat64lsn_cfg *ca, *cb;
ca = (ipfw_nat64lsn_cfg *)a;
cb = (ipfw_nat64lsn_cfg *)b;
ca = (const ipfw_nat64lsn_cfg *)a;
cb = (const ipfw_nat64lsn_cfg *)b;
if (ca->set > cb->set)
return (1);
@ -848,7 +851,8 @@ nat64lsn_foreach(nat64lsn_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nat64lsn_cfg *cfg;
size_t sz;
int i, error;
uint32_t i;
int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(ipfw_nat64lsn_cfg);

24
sbin/ipfw/nat64stl.c
View file

@ -128,8 +128,8 @@ ipfw_nat64stl_handler(int ac, char *av[])
int tcmd;
uint8_t set;
if (co.use_set != 0)
set = co.use_set - 1;
if (g_co.use_set != 0)
set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@ -405,7 +405,7 @@ nat64stl_stats(const char *name, uint8_t set)
if (nat64stl_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
if (co.use_set != 0 || set != 0)
if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nat64stl %s\n", name);
@ -454,10 +454,10 @@ nat64stl_show_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
if (co.use_set != 0 || cfg->set != 0)
if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
printf("nat64stl %s table4 %s table6 %s",
@ -473,10 +473,11 @@ nat64stl_show_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
}
static int
nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name __unused,
uint8_t set)
{
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nat64stl_destroy(cfg->name, cfg->set);
@ -491,10 +492,10 @@ nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
static int
nat64name_cmp(const void *a, const void *b)
{
ipfw_nat64stl_cfg *ca, *cb;
const ipfw_nat64stl_cfg *ca, *cb;
ca = (ipfw_nat64stl_cfg *)a;
cb = (ipfw_nat64stl_cfg *)b;
ca = (const ipfw_nat64stl_cfg *)a;
cb = (const ipfw_nat64stl_cfg *)b;
if (ca->set > cb->set)
return (1);
@ -516,7 +517,8 @@ nat64stl_foreach(nat64stl_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nat64stl_cfg *cfg;
size_t sz;
int i, error;
uint32_t i;
int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(*cfg);

25
sbin/ipfw/nptv6.c
View file

@ -89,8 +89,8 @@ ipfw_nptv6_handler(int ac, char *av[])
int tcmd;
uint8_t set;
if (co.use_set != 0)
set = co.use_set - 1;
if (g_co.use_set != 0)
set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@ -193,7 +193,7 @@ nptv6_create(const char *name, uint8_t set, int ac, char *av[])
ipfw_nptv6_cfg *cfg;
ipfw_obj_lheader *olh;
int tcmd, flags, plen;
char *p = "\0";
char *p;
plen = 0;
memset(buf, 0, sizeof(buf));
@ -326,7 +326,7 @@ nptv6_stats(const char *name, uint8_t set)
if (nptv6_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
if (co.use_set != 0 || set != 0)
if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nptv6 %s\n", name);
printf("\t%ju packets translated (internal to external)\n",
@ -360,10 +360,10 @@ nptv6_show_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
if (co.use_set != 0 || cfg->set != 0)
if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
inet_ntop(AF_INET6, &cfg->internal, abuf, sizeof(abuf));
printf("nptv6 %s int_prefix %s ", cfg->name, abuf);
@ -378,10 +378,10 @@ nptv6_show_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
}
static int
nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name __unused, uint8_t set)
{
if (co.use_set != 0 && cfg->set != set)
if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nptv6_destroy(cfg->name, cfg->set);
@ -396,10 +396,10 @@ nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
static int
nptv6name_cmp(const void *a, const void *b)
{
ipfw_nptv6_cfg *ca, *cb;
const ipfw_nptv6_cfg *ca, *cb;
ca = (ipfw_nptv6_cfg *)a;
cb = (ipfw_nptv6_cfg *)b;
ca = (const ipfw_nptv6_cfg *)a;
cb = (const ipfw_nptv6_cfg *)b;
if (ca->set > cb->set)
return (1);
@ -419,7 +419,8 @@ nptv6_foreach(nptv6_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nptv6_cfg *cfg;
size_t sz;
int i, error;
uint32_t i;
int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(*cfg);

75
sbin/ipfw/tables.c
View file

@ -159,8 +159,8 @@ ipfw_table_handler(int ac, char *av[])
memset(&oh, 0, sizeof(oh));
is_all = 0;
if (co.use_set != 0)
set = co.use_set - 1;
if (g_co.use_set != 0)
set = g_co.use_set - 1;
else
set = 0;
@ -213,8 +213,8 @@ ipfw_table_handler(int ac, char *av[])
case TOK_DEL:
do_add = **av == 'a';
ac--; av++;
table_modify_record(&oh, ac, av, do_add, co.do_quiet,
co.do_quiet, atomic);
table_modify_record(&oh, ac, av, do_add, g_co.do_quiet,
g_co.do_quiet, atomic);
break;
case TOK_CREATE:
ac--; av++;
@ -232,7 +232,7 @@ ipfw_table_handler(int ac, char *av[])
err(EX_OSERR, "failed to destroy table %s",
tablename);
/* ESRCH isn't fatal, warn if not quiet mode */
if (co.do_quiet == 0)
if (g_co.do_quiet == 0)
warn("failed to destroy table %s", tablename);
} else {
error = tables_foreach(table_destroy_one, &oh, 1);
@ -249,7 +249,7 @@ ipfw_table_handler(int ac, char *av[])
err(EX_OSERR, "failed to flush table %s info",
tablename);
/* ESRCH isn't fatal, warn if not quiet mode */
if (co.do_quiet == 0)
if (g_co.do_quiet == 0)
warn("failed to flush table %s info",
tablename);
} else {
@ -284,7 +284,6 @@ ipfw_table_handler(int ac, char *av[])
case TOK_LIST:
arg = is_all ? (void*)1 : NULL;
if (is_all == 0) {
ipfw_xtable_info i;
if ((error = table_get_info(&oh, &i)) != 0)
err(EX_OSERR, "failed to request table info");
table_show_one(&i, arg);
@ -341,7 +340,7 @@ static struct _s_x flowtypecmds[] = {
{ NULL, 0 }
};
int
static int
table_parse_type(uint8_t ttype, char *p, uint8_t *tflags)
{
uint32_t fset, fclear;
@ -363,7 +362,7 @@ table_parse_type(uint8_t ttype, char *p, uint8_t *tflags)
return (0);
}
void
static void
table_print_type(char *tbuf, size_t size, uint8_t type, uint8_t tflags)
{
const char *tname;
@ -614,7 +613,7 @@ table_destroy_one(ipfw_xtable_info *i, void *arg)
oh = (ipfw_obj_header *)arg;
table_fill_ntlv(&oh->ntlv, i->tablename, i->set, 1);
if (table_destroy(oh) != 0) {
if (co.do_quiet == 0)
if (g_co.do_quiet == 0)
warn("failed to destroy table(%s) in set %u",
i->tablename, i->set);
return (-1);
@ -723,7 +722,7 @@ struct ta_cldata {
* Print global/per-AF table @i algorithm info.
*/
static void
table_show_tainfo(ipfw_xtable_info *i, struct ta_cldata *d,
table_show_tainfo(ipfw_xtable_info *i __unused, struct ta_cldata *d,
const char *af, const char *taclass)
{
@ -935,10 +934,10 @@ table_modify_record(ipfw_obj_header *oh, int ac, char *av[], int add,
{
ipfw_obj_tentry *ptent, tent, *tent_buf;
ipfw_xtable_info xi;
const char *etxt, *px, *texterr;
uint8_t type;
uint32_t vmask;
int cmd, count, error, i, ignored;
char *texterr, *etxt, *px;
if (ac == 0)
errx(EX_USAGE, "address required");
@ -1434,7 +1433,7 @@ tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *key,
error = 0;
if (error == 0) {
if (co.test_only == 0) {
if (g_co.test_only == 0) {
/* Table found */
type = xi->type;
tflags = xi->tflags;
@ -1494,16 +1493,17 @@ set_legacy_value(uint32_t val, ipfw_table_value *v)
}
static void
tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
uint8_t type, uint32_t vmask)
tentry_fill_value(ipfw_obj_header *oh __unused, ipfw_obj_tentry *tent,
char *arg, uint8_t type __unused, uint32_t vmask)
{
struct addrinfo hints, *res;
struct in_addr ipaddr;
const char *etype;
char *comma, *e, *n, *p;
uint32_t a4, flag, val;
ipfw_table_value *v;
uint32_t i;
int dval;
char *comma, *e, *etype, *n, *p;
struct in_addr ipaddr;
v = &tent->v.value;
@ -1535,7 +1535,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
n = arg;
etype = NULL;
for (i = 1; i < (1 << 31); i *= 2) {
for (i = 1; i < (1u << 31); i *= 2) {
if ((flag = (vmask & i)) == 0)
continue;
vmask &= ~flag;
@ -1649,10 +1649,10 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
static int
tablename_cmp(const void *a, const void *b)
{
ipfw_xtable_info *ia, *ib;
const ipfw_xtable_info *ia, *ib;
ia = (ipfw_xtable_info *)a;
ib = (ipfw_xtable_info *)b;
ia = (const ipfw_xtable_info *)a;
ib = (const ipfw_xtable_info *)b;
return (stringnum_cmp(ia->tablename, ib->tablename));
}
@ -1668,7 +1668,8 @@ tables_foreach(table_cb_t *f, void *arg, int sort)
ipfw_obj_lheader *olh;
ipfw_xtable_info *info;
size_t sz;
int i, error;
uint32_t i;
int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(ipfw_xtable_info);
@ -1692,7 +1693,7 @@ tables_foreach(table_cb_t *f, void *arg, int sort)
info = (ipfw_xtable_info *)(olh + 1);
for (i = 0; i < olh->count; i++) {
if (co.use_set == 0 || info->set == co.use_set - 1)
if (g_co.use_set == 0 || info->set == g_co.use_set - 1)
error = f(info, arg);
info = (ipfw_xtable_info *)((caddr_t)info +
olh->objsize);
@ -1791,7 +1792,7 @@ table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
return;
}
for (i = 1; i < (1 << 31); i *= 2) {
for (i = 1; i < (1u << 31); i *= 2) {
if ((flag = (vmask & i)) == 0)
continue;
l = 0;
@ -1853,12 +1854,13 @@ table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
static void
table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent)
{
char *comma, tbuf[128], pval[128];
char tbuf[128], pval[128];
const char *comma;
void *paddr;
struct tflow_entry *tfe;
table_show_value(pval, sizeof(pval), &tent->v.value, i->vmask,
co.do_value_as_ip);
g_co.do_value_as_ip);
switch (i->type) {
case IPFW_TABLE_ADDR:
@ -1961,12 +1963,13 @@ table_do_get_vlist(ipfw_obj_lheader **polh)
}
void
ipfw_list_ta(int ac, char *av[])
ipfw_list_ta(int ac __unused, char *av[] __unused)
{
ipfw_obj_lheader *olh;
ipfw_ta_info *info;
int error, i;
const char *atype;
uint32_t i;
int error;
error = table_do_get_algolist(&olh);
if (error != 0)
@ -2006,13 +2009,13 @@ struct _table_value {
uint64_t refcnt; /* Number of references */
};
int
static int
compare_values(const void *_a, const void *_b)
{
struct _table_value *a, *b;
const struct _table_value *a, *b;
a = (struct _table_value *)_a;
b = (struct _table_value *)_b;
a = (const struct _table_value *)_a;
b = (const struct _table_value *)_b;
if (a->spare1 < b->spare1)
return (-1);
@ -2023,13 +2026,13 @@ compare_values(const void *_a, const void *_b)
}
void
ipfw_list_values(int ac, char *av[])
ipfw_list_values(int ac __unused, char *av[] __unused)
{
char buf[128];
ipfw_obj_lheader *olh;
struct _table_value *v;
int error, i;
uint32_t vmask;
char buf[128];
uint32_t i, vmask;
int error;
error = table_do_get_vlist(&olh);
if (error != 0)