svn commit: r363605 - stable/12/sbin/ipfw
Mark Johnston
markj at FreeBSD.org
Mon Jul 27 14:15:52 UTC 2020
Author: markj
Date: Mon Jul 27 14:15:50 2020
New Revision: 363605
URL: https://svnweb.freebsd.org/changeset/base/363605
Log:
MFC r363164, r363166:
ipfw(8): Fix most warnings with the default WARNS level.
Modified:
stable/12/sbin/ipfw/Makefile
stable/12/sbin/ipfw/altq.c
stable/12/sbin/ipfw/dummynet.c
stable/12/sbin/ipfw/ipfw2.c
stable/12/sbin/ipfw/ipfw2.h
stable/12/sbin/ipfw/ipv6.c
stable/12/sbin/ipfw/main.c
stable/12/sbin/ipfw/nat.c
stable/12/sbin/ipfw/nat64clat.c
stable/12/sbin/ipfw/nat64lsn.c
stable/12/sbin/ipfw/nat64stl.c
stable/12/sbin/ipfw/nptv6.c
stable/12/sbin/ipfw/tables.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sbin/ipfw/Makefile
==============================================================================
--- stable/12/sbin/ipfw/Makefile Mon Jul 27 14:14:06 2020 (r363604)
+++ stable/12/sbin/ipfw/Makefile Mon Jul 27 14:15:50 2020 (r363605)
@@ -6,7 +6,6 @@ PACKAGE=ipfw
PROG= ipfw
SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c tables.c
SRCS+= nat64clat.c nat64lsn.c nat64stl.c nptv6.c
-WARNS?= 2
.if ${MK_PF} != "no"
SRCS+= altq.c
@@ -17,3 +16,5 @@ LIBADD= jail util
MAN= ipfw.8
.include <bsd.prog.mk>
+
+CWARNFLAGS+= -Wno-cast-align
Modified: stable/12/sbin/ipfw/altq.c
==============================================================================
--- stable/12/sbin/ipfw/altq.c Mon Jul 27 14:14:06 2020 (r363604)
+++ stable/12/sbin/ipfw/altq.c Mon Jul 27 14:15:50 2020 (r363605)
@@ -140,7 +140,7 @@ altq_qid_to_name(u_int32_t qid)
}
void
-print_altq_cmd(struct buf_pr *bp, ipfw_insn_altq *altqptr)
+print_altq_cmd(struct buf_pr *bp, const ipfw_insn_altq *altqptr)
{
if (altqptr) {
const char *qname;
Modified: stable/12/sbin/ipfw/dummynet.c
==============================================================================
--- stable/12/sbin/ipfw/dummynet.c Mon Jul 27 14:14:06 2020 (r363604)
+++ stable/12/sbin/ipfw/dummynet.c Mon Jul 27 14:15:50 2020 (r363605)
@@ -166,8 +166,8 @@ enum {
#define PIE_SCALE (1L<<PIE_FIX_POINT_BITS)
/* integer to time */
-void
-us_to_time(int t,char *strt)
+static void
+us_to_time(int t, char *strt)
{
if (t < 0)
strt[0]='\0';
@@ -221,7 +221,7 @@ time_to_us(const char *s)
/* Get AQM or scheduler extra parameters */
-void
+static void
get_extra_parms(uint32_t nr, char *out, int subtype)
{
struct dn_extra_parms *ep;
@@ -586,7 +586,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
break;
}
case DN_CMD_GET:
- if (co.verbose)
+ if (g_co.verbose)
printf("answer for cmd %d, len %d\n", oid->type, oid->id);
break;
case DN_SCH: {
@@ -636,7 +636,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
sprintf(bwbuf, "%7.3f bit/s ", b);
if (humanize_number(burst, sizeof(burst), p->burst,
- "", HN_AUTOSCALE, 0) < 0 || co.verbose)
+ "", HN_AUTOSCALE, 0) < 0 || g_co.verbose)
sprintf(burst, "%d", (int)p->burst);
sprintf(buf, "%05d: %s %4d ms burst %s",
p->link_nr % DN_MAX_ID, bwbuf, p->delay, burst);
@@ -1317,7 +1317,7 @@ ipfw_config_pipe(int ac, char **av)
o_next(&buf, sizeof(struct dn_id), DN_CMD_CONFIG);
base->id = DN_API_VERSION;
- switch (co.do_pipe) {
+ switch (g_co.do_pipe) {
case 1: /* "pipe N config ..." */
/* Allocate space for the WF2Q+ scheduler, its link
* and the FIFO flowset. Set the number, but leave
@@ -1893,7 +1893,7 @@ parse_range(int ac, char *av[], uint32_t *v, int len)
}
n++;
/* translate if 'pipe list' */
- if (co.do_pipe == 1) {
+ if (g_co.do_pipe == 1) {
v[0] += DN_MAX_ID;
v[1] += DN_MAX_ID;
}
@@ -1947,7 +1947,7 @@ dummynet_list(int ac, char *av[], int show_counters)
if (max_size < sizeof(struct dn_flow))
max_size = sizeof(struct dn_flow);
- switch (co.do_pipe) {
+ switch (g_co.do_pipe) {
case 1:
oid->subtype = DN_LINK; /* list pipe */
break;
Modified: stable/12/sbin/ipfw/ipfw2.c
==============================================================================
--- stable/12/sbin/ipfw/ipfw2.c Mon Jul 27 14:14:06 2020 (r363604)
+++ stable/12/sbin/ipfw/ipfw2.c Mon Jul 27 14:15:50 2020 (r363605)
@@ -57,7 +57,7 @@
#include <netinet/tcp.h>
#include <arpa/inet.h>
-struct cmdline_opts co; /* global options */
+struct cmdline_opts g_co; /* global options */
struct format_opts {
int bcwidth;
@@ -74,7 +74,7 @@ struct format_opts {
int resvd_set_number = RESVD_SET;
-int ipfw_socket = -1;
+static int ipfw_socket = -1;
#define CHECK_LENGTH(v, len) do { \
if ((v) < (len)) \
@@ -395,8 +395,8 @@ static int ipfw_show_config(struct cmdline_opts *co, s
static void ipfw_list_tifaces(void);
struct tidx;
-static uint16_t pack_object(struct tidx *tstate, char *name, int otype);
-static uint16_t pack_table(struct tidx *tstate, char *name);
+static uint16_t pack_object(struct tidx *tstate, const char *name, int otype);
+static uint16_t pack_table(struct tidx *tstate, const char *name);
static char *table_search_ctlv(ipfw_obj_ctlv *ctlv, uint16_t idx);
static void object_sort_ctlv(ipfw_obj_ctlv *ctlv);
@@ -456,7 +456,7 @@ bp_flush(struct buf_pr *b)
* Returns number of bytes that should have been printed.
*/
int
-bprintf(struct buf_pr *b, char *format, ...)
+bprintf(struct buf_pr *b, const char *format, ...)
{
va_list args;
int i;
@@ -466,7 +466,7 @@ bprintf(struct buf_pr *b, char *format, ...)
i = vsnprintf(b->ptr, b->avail, format, args);
va_end(args);
- if (i > b->avail || i < 0) {
+ if (i < 0 || (size_t)i > b->avail) {
/* Overflow or print error */
b->avail = 0;
} else {
@@ -501,7 +501,7 @@ bprint_uint_arg(struct buf_pr *bp, const char *str, ui
* otherwise, return the required width.
*/
int
-pr_u64(struct buf_pr *b, uint64_t *pd, int width)
+pr_u64(struct buf_pr *b, void *pd, int width)
{
#ifdef TCC
#define U64_FMT "I64"
@@ -569,7 +569,7 @@ do_cmd(int optname, void *optval, uintptr_t optlen)
{
int i;
- if (co.test_only)
+ if (g_co.test_only)
return 0;
if (ipfw_socket == -1)
@@ -606,7 +606,7 @@ int
do_set3(int optname, ip_fw3_opheader *op3, size_t optlen)
{
- if (co.test_only)
+ if (g_co.test_only)
return (0);
if (ipfw_socket == -1)
@@ -635,7 +635,7 @@ do_get3(int optname, ip_fw3_opheader *op3, size_t *opt
int error;
socklen_t len;
- if (co.test_only)
+ if (g_co.test_only)
return (0);
if (ipfw_socket == -1)
@@ -725,7 +725,8 @@ match_value(struct _s_x *p, int value)
}
size_t
-concat_tokens(char *buf, size_t bufsize, struct _s_x *table, char *delimiter)
+concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
+ const char *delimiter)
{
struct _s_x *pt;
int l;
@@ -788,7 +789,7 @@ print_flags_buffer(char *buf, size_t sz, struct _s_x *
set &= ~list[i].x;
l = snprintf(buf, sz, "%s%s", comma, list[i].s);
- if (l >= sz)
+ if (l < 0 || (size_t)l >= sz)
return;
comma = ",";
buf += l;
@@ -856,13 +857,13 @@ print_port(struct buf_pr *bp, int proto, uint16_t port
if (proto == IPPROTO_ETHERTYPE) {
char const *s;
- if (co.do_resolv && (s = match_value(ether_types, port)) )
+ if (g_co.do_resolv && (s = match_value(ether_types, port)) )
bprintf(bp, "%s", s);
else
bprintf(bp, "0x%04x", port);
} else {
struct servent *se = NULL;
- if (co.do_resolv) {
+ if (g_co.do_resolv) {
struct protoent *pe = getprotobynumber(proto);
se = getservbyport(htons(port), pe ? pe->p_name : NULL);
@@ -893,9 +894,9 @@ static struct _s_x _port_name[] = {
* XXX todo: add support for mask.
*/
static void
-print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode)
+print_newports(struct buf_pr *bp, const ipfw_insn_u16 *cmd, int proto, int opcode)
{
- uint16_t *p = cmd->ports;
+ const uint16_t *p = cmd->ports;
int i;
char const *sep;
@@ -906,7 +907,7 @@ print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd,
bprintf(bp, " %s", sep);
}
sep = " ";
- for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
+ for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
bprintf(bp, "%s", sep);
print_port(bp, proto, p[0]);
if (p[0] != p[1]) {
@@ -1134,7 +1135,7 @@ print_reject_code(struct buf_pr *bp, uint16_t code)
* len is the max length in bits.
*/
int
-contigmask(uint8_t *p, int len)
+contigmask(const uint8_t *p, int len)
{
int i, n;
@@ -1152,7 +1153,7 @@ contigmask(uint8_t *p, int len)
* There is a specialized check for f_tcpflags.
*/
static void
-print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd,
+print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd,
struct _s_x *list)
{
char const *comma = "";
@@ -1185,12 +1186,13 @@ print_flags(struct buf_pr *bp, char const *name, ipfw_
* Print the ip address contained in a command.
*/
static void
-print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
+print_ip(struct buf_pr *bp, const struct format_opts *fo,
+ const ipfw_insn_ip *cmd)
{
struct hostent *he = NULL;
- struct in_addr *ia;
- uint32_t len = F_LEN((ipfw_insn *)cmd);
- uint32_t *a = ((ipfw_insn_u32 *)cmd)->d;
+ const struct in_addr *ia;
+ const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d;
+ uint32_t len = F_LEN((const ipfw_insn *)cmd);
char *t;
bprintf(bp, " ");
@@ -1200,7 +1202,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *
if (d < sizeof(lookup_key)/sizeof(lookup_key[0]))
arg = match_value(rule_options, lookup_key[d]);
- t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
+ t = table_search_ctlv(fo->tstate,
+ ((const ipfw_insn *)cmd)->arg1);
bprintf(bp, "lookup %s %s", arg, t);
return;
}
@@ -1210,7 +1213,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *
}
if (cmd->o.opcode == O_IP_SRC_LOOKUP ||
cmd->o.opcode == O_IP_DST_LOOKUP) {
- t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
+ t = table_search_ctlv(fo->tstate,
+ ((const ipfw_insn *)cmd)->arg1);
bprintf(bp, "table(%s", t);
if (len == F_INSN_SIZE(ipfw_insn_u32))
bprintf(bp, ",%u", *a);
@@ -1218,16 +1222,18 @@ print_ip(struct buf_pr *bp, const struct format_opts *
return;
}
if (cmd->o.opcode == O_IP_SRC_SET || cmd->o.opcode == O_IP_DST_SET) {
- uint32_t x, *map = (uint32_t *)&(cmd->mask);
+ const uint32_t *map = (const uint32_t *)&cmd->mask;
+ struct in_addr addr;
+ uint32_t x;
int i, j;
char comma = '{';
x = cmd->o.arg1 - 1;
- x = htonl( ~x );
- cmd->addr.s_addr = htonl(cmd->addr.s_addr);
- bprintf(bp, "%s/%d", inet_ntoa(cmd->addr),
- contigmask((uint8_t *)&x, 32));
- x = cmd->addr.s_addr = htonl(cmd->addr.s_addr);
+ x = htonl(~x);
+ addr.s_addr = htonl(cmd->addr.s_addr);
+ bprintf(bp, "%s/%d", inet_ntoa(addr),
+ contigmask((uint8_t *)&x, 32));
+ x = cmd->addr.s_addr;
x &= 0xff; /* base */
/*
* Print bits and ranges.
@@ -1258,19 +1264,19 @@ print_ip(struct buf_pr *bp, const struct format_opts *
for (len = len / 2; len > 0; len--, a += 2) {
int mb = /* mask length */
(cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
- 32 : contigmask((uint8_t *)&(a[1]), 32);
- if (mb == 32 && co.do_resolv)
- he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
+ 32 : contigmask((const uint8_t *)&(a[1]), 32);
+ if (mb == 32 && g_co.do_resolv)
+ he = gethostbyaddr((const char *)&(a[0]), sizeof(in_addr_t),
AF_INET);
if (he != NULL) /* resolved to name */
bprintf(bp, "%s", he->h_name);
else if (mb == 0) /* any */
bprintf(bp, "any");
else { /* numeric IP followed by some kind of mask */
- ia = (struct in_addr *)&a[0];
+ ia = (const struct in_addr *)&a[0];
bprintf(bp, "%s", inet_ntoa(*ia));
if (mb < 0) {
- ia = (struct in_addr *)&a[1];
+ ia = (const struct in_addr *)&a[1];
bprintf(bp, ":%s", inet_ntoa(*ia));
} else if (mb < 32)
bprintf(bp, "/%d", mb);
@@ -1284,7 +1290,7 @@ print_ip(struct buf_pr *bp, const struct format_opts *
* prints a MAC address/mask pair
*/
static void
-format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask)
+format_mac(struct buf_pr *bp, const uint8_t *addr, const uint8_t *mask)
{
int l = contigmask(mask, 48);
@@ -1303,7 +1309,7 @@ format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *
}
static void
-print_mac(struct buf_pr *bp, ipfw_insn_mac *mac)
+print_mac(struct buf_pr *bp, const ipfw_insn_mac *mac)
{
bprintf(bp, " MAC");
@@ -1336,7 +1342,7 @@ fill_icmptypes(ipfw_insn_u32 *cmd, char *av)
}
static void
-print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_icmptypes(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
int i;
char sep= ' ';
@@ -1351,12 +1357,12 @@ print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
static void
-print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_dscp(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
+ const uint32_t *v;
+ const char *code;
int i = 0;
- uint32_t *v;
char sep= ' ';
- const char *code;
bprintf(bp, " dscp");
v = cmd->d;
@@ -1374,7 +1380,7 @@ print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
}
-#define insntod(cmd, type) ((ipfw_insn_ ## type *)(cmd))
+#define insntod(cmd, type) ((const ipfw_insn_ ## type *)(cmd))
struct show_state {
struct ip_fw_rule *rule;
const ipfw_insn *eaction;
@@ -1443,7 +1449,7 @@ print_limit_mask(struct buf_pr *bp, const ipfw_insn_li
static int
print_instruction(struct buf_pr *bp, const struct format_opts *fo,
- struct show_state *state, ipfw_insn *cmd)
+ struct show_state *state, const ipfw_insn *cmd)
{
struct protoent *pe;
struct passwd *pwd;
@@ -1685,7 +1691,7 @@ print_instruction(struct buf_pr *bp, const struct form
bprintf(bp, " ipsec");
break;
case O_NOP:
- bprintf(bp, " // %s", (char *)(cmd + 1));
+ bprintf(bp, " // %s", (const char *)(cmd + 1));
break;
case O_KEEP_STATE:
if (state->flags & HAVE_PROBE_STATE)
@@ -1777,8 +1783,8 @@ static void
print_fwd(struct buf_pr *bp, const ipfw_insn *cmd)
{
char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
- ipfw_insn_sa6 *sa6;
- ipfw_insn_sa *sa;
+ const ipfw_insn_sa6 *sa6;
+ const ipfw_insn_sa *sa;
uint16_t port;
if (cmd->opcode == O_FORWARD_IP) {
@@ -2056,7 +2062,7 @@ print_proto(struct buf_pr *bp, struct format_opts *fo,
static int
match_opcode(int opcode, const int opcodes[], size_t nops)
{
- int i;
+ size_t i;
for (i = 0; i < nops; i++)
if (opcode == opcodes[i])
@@ -2138,10 +2144,10 @@ static void
show_static_rule(struct cmdline_opts *co, struct format_opts *fo,
struct buf_pr *bp, struct ip_fw_rule *rule, struct ip_fw_bcounter *cntr)
{
+ static int twidth = 0;
struct show_state state;
ipfw_insn *cmd;
- static int twidth = 0;
- int i;
+ size_t i;
/* Print # DISABLED or skip the rule */
if ((fo->set_mask & (1 << rule->set)) == 0) {
@@ -2361,7 +2367,7 @@ void
ipfw_sets_handler(char *av[])
{
ipfw_range_tlv rt;
- char *msg;
+ const char *msg;
size_t size;
uint32_t masks[2];
int i;
@@ -2378,7 +2384,7 @@ ipfw_sets_handler(char *av[])
ipfw_cfg_lheader *cfg;
memset(&fo, 0, sizeof(fo));
- if (ipfw_get_config(&co, &fo, &cfg, &size) != 0)
+ if (ipfw_get_config(&g_co, &fo, &cfg, &size) != 0)
err(EX_OSERR, "requesting config failed");
for (i = 0, msg = "disable"; i < RESVD_SET; i++)
@@ -2507,7 +2513,7 @@ typedef void state_cb(struct cmdline_opts *co, struct
static void
prepare_format_dyn(struct cmdline_opts *co, struct format_opts *fo,
- void *arg, void *_state)
+ void *arg __unused, void *_state)
{
ipfw_dyn_rule *d;
int width;
@@ -2701,11 +2707,11 @@ ipfw_list(int ac, char *av[], int show_counters)
uint32_t rnum;
char *endptr;
- if (co.test_only) {
+ if (g_co.test_only) {
fprintf(stderr, "Testing only, list disabled\n");
return;
}
- if (co.do_pipe) {
+ if (g_co.do_pipe) {
dummynet_list(ac, av, show_counters);
return;
}
@@ -2731,17 +2737,17 @@ ipfw_list(int ac, char *av[], int show_counters)
/* get configuraion from kernel */
cfg = NULL;
sfo.show_counters = show_counters;
- sfo.show_time = co.do_time;
- if (co.do_dynamic != 2)
+ sfo.show_time = g_co.do_time;
+ if (g_co.do_dynamic != 2)
sfo.flags |= IPFW_CFG_GET_STATIC;
- if (co.do_dynamic != 0)
+ if (g_co.do_dynamic != 0)
sfo.flags |= IPFW_CFG_GET_STATES;
if ((sfo.show_counters | sfo.show_time) != 0)
sfo.flags |= IPFW_CFG_GET_COUNTERS;
- if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0)
+ if (ipfw_get_config(&g_co, &sfo, &cfg, &sz) != 0)
err(EX_OSERR, "retrieving config failed");
- error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av);
+ error = ipfw_show_config(&g_co, &sfo, cfg, sz, ac, av);
free(cfg);
@@ -2974,7 +2980,8 @@ ipfw_check_object_name(const char *name)
return (0);
}
-static char *default_state_name = "default";
+static const char *default_state_name = "default";
+
static int
state_check_name(const char *name)
{
@@ -3000,10 +3007,10 @@ eaction_check_name(const char *name)
}
static uint16_t
-pack_object(struct tidx *tstate, char *name, int otype)
+pack_object(struct tidx *tstate, const char *name, int otype)
{
- int i;
ipfw_obj_ntlv *ntlv;
+ uint32_t i;
for (i = 0; i < tstate->count; i++) {
if (strcmp(tstate->idx[i].name, name) != 0)
@@ -3037,7 +3044,7 @@ pack_object(struct tidx *tstate, char *name, int otype
}
static uint16_t
-pack_table(struct tidx *tstate, char *name)
+pack_table(struct tidx *tstate, const char *name)
{
if (table_check_name(name) != 0)
@@ -3116,7 +3123,7 @@ fill_ip(ipfw_insn_ip *cmd, char *av, int cblen, struct
int masklen;
char md, nd = '\0';
- CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn) + 2 + len);
+ CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn) + 2 + len);
if (p) {
md = *p;
@@ -3314,7 +3321,7 @@ ipfw_delete(char *av[])
/* Do not allow using the following syntax:
* ipfw set N delete set M
*/
- if (co.use_set)
+ if (g_co.use_set)
errx(EX_DATAERR, "invalid syntax");
do_set = 1; /* delete set */
av++;
@@ -3327,10 +3334,10 @@ ipfw_delete(char *av[])
if (*sep== '-')
j = strtol(sep + 1, NULL, 10);
av++;
- if (co.do_nat) {
+ if (g_co.do_nat) {
exitval = ipfw_delete_nat(i);
- } else if (co.do_pipe) {
- exitval = ipfw_delete_pipe(co.do_pipe, i);
+ } else if (g_co.do_pipe) {
+ exitval = ipfw_delete_pipe(g_co.do_pipe, i);
} else {
memset(&rt, 0, sizeof(rt));
if (do_set != 0) {
@@ -3343,24 +3350,24 @@ ipfw_delete(char *av[])
rt.flags |= IPFW_RCFLAG_ALL;
else
rt.flags |= IPFW_RCFLAG_RANGE;
- if (co.use_set != 0) {
- rt.set = co.use_set - 1;
+ if (g_co.use_set != 0) {
+ rt.set = g_co.use_set - 1;
rt.flags |= IPFW_RCFLAG_SET;
}
}
- if (co.do_dynamic == 2)
+ if (g_co.do_dynamic == 2)
rt.flags |= IPFW_RCFLAG_DYNAMIC;
i = do_range_cmd(IP_FW_XDEL, &rt);
if (i != 0) {
exitval = EX_UNAVAILABLE;
- if (co.do_quiet)
+ if (g_co.do_quiet)
continue;
warn("rule %u: setsockopt(IP_FW_XDEL)",
rt.start_rule);
} else if (rt.new_set == 0 && do_set == 0 &&
- co.do_dynamic != 2) {
+ g_co.do_dynamic != 2) {
exitval = EX_UNAVAILABLE;
- if (co.do_quiet)
+ if (g_co.do_quiet)
continue;
if (rt.start_rule != rt.end_rule)
warnx("no rules rules in %u-%u range",
@@ -3371,7 +3378,7 @@ ipfw_delete(char *av[])
}
}
}
- if (exitval != EX_OK && co.do_force == 0)
+ if (exitval != EX_OK && g_co.do_force == 0)
exit(exitval);
}
@@ -3696,7 +3703,7 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cb
struct in6_addr a;
char *host, *ch, buf[INET6_ADDRSTRLEN];
ipfw_insn *ret = NULL;
- int len;
+ size_t len;
/* Copy first address in set if needed */
if ((ch = strpbrk(av, "/,")) != NULL) {
@@ -3727,7 +3734,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cb
struct in6_addr a;
char *host, *ch, buf[INET6_ADDRSTRLEN];
ipfw_insn *ret = NULL;
- int len;
+ size_t len;
/* Copy first address in set if needed */
if ((ch = strpbrk(av, "/,")) != NULL) {
@@ -3764,7 +3771,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cb
* various match patterns, log/altq actions, and the actual action.
*
*/
-void
+static void
compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate)
{
/*
@@ -4250,7 +4257,7 @@ chkarg:
len = sizeof(c->max_log);
if (sysctlbyname("net.inet.ip.fw.verbose_limit",
&c->max_log, &len, NULL, 0) == -1) {
- if (co.test_only) {
+ if (g_co.test_only) {
c->max_log = 0;
break;
}
@@ -5138,10 +5145,10 @@ done:
static int
compare_ntlv(const void *_a, const void *_b)
{
- ipfw_obj_ntlv *a, *b;
+ const ipfw_obj_ntlv *a, *b;
- a = (ipfw_obj_ntlv *)_a;
- b = (ipfw_obj_ntlv *)_b;
+ a = (const ipfw_obj_ntlv *)_a;
+ b = (const ipfw_obj_ntlv *)_b;
if (a->set < b->set)
return (-1);
@@ -5178,11 +5185,11 @@ struct object_kt {
static int
compare_object_kntlv(const void *k, const void *v)
{
- ipfw_obj_ntlv *ntlv;
+ const ipfw_obj_ntlv *ntlv;
struct object_kt key;
- key = *((struct object_kt *)k);
- ntlv = (ipfw_obj_ntlv *)v;
+ key = *((const struct object_kt *)k);
+ ntlv = (const ipfw_obj_ntlv *)v;
if (key.uidx < ntlv->idx)
return (-1);
@@ -5318,14 +5325,14 @@ ipfw_add(char *av[])
if (do_get3(IP_FW_XADD, op3, &sz) != 0)
err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_XADD");
- if (!co.do_quiet) {
+ if (!g_co.do_quiet) {
struct format_opts sfo;
struct buf_pr bp;
memset(&sfo, 0, sizeof(sfo));
sfo.tstate = tstate;
sfo.set_mask = (uint32_t)(-1);
bp_alloc(&bp, 4096);
- show_static_rule(&co, &sfo, &bp, rule, NULL);
+ show_static_rule(&g_co, &sfo, &bp, rule, NULL);
printf("%s", bp.buf);
bp_free(&bp);
}
@@ -5361,7 +5368,7 @@ ipfw_zero(int ac, char *av[], int optname)
rt.flags = IPFW_RCFLAG_ALL;
if (do_range_cmd(optname, &rt) < 0)
err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name);
- if (!co.do_quiet)
+ if (!g_co.do_quiet)
printf("%s.\n", optname == IP_FW_XZERO ?
"Accounting cleared":"Logging counts reset");
@@ -5379,8 +5386,8 @@ ipfw_zero(int ac, char *av[], int optname)
rt.start_rule = arg;
rt.end_rule = arg;
rt.flags |= IPFW_RCFLAG_RANGE;
- if (co.use_set != 0) {
- rt.set = co.use_set - 1;
+ if (g_co.use_set != 0) {
+ rt.set = g_co.use_set - 1;
rt.flags |= IPFW_RCFLAG_SET;
}
if (do_range_cmd(optname, &rt) != 0) {
@@ -5390,7 +5397,7 @@ ipfw_zero(int ac, char *av[], int optname)
} else if (rt.new_set == 0) {
printf("Entry %d not found\n", arg);
failed = EX_UNAVAILABLE;
- } else if (!co.do_quiet)
+ } else if (!g_co.do_quiet)
printf("Entry %d %s.\n", arg,
optname == IP_FW_XZERO ?
"cleared" : "logging count reset");
@@ -5408,7 +5415,7 @@ ipfw_flush(int force)
{
ipfw_range_tlv rt;
- if (!force && !co.do_quiet) { /* need to ask user */
+ if (!force && !g_co.do_quiet) { /* need to ask user */
int c;
printf("Are you sure? [yn] ");
@@ -5423,21 +5430,21 @@ ipfw_flush(int force)
if (c == 'N') /* user said no */
return;
}
- if (co.do_pipe) {
+ if (g_co.do_pipe) {
dummynet_flush();
return;
}
/* `ipfw set N flush` - is the same that `ipfw delete set N` */
memset(&rt, 0, sizeof(rt));
- if (co.use_set != 0) {
- rt.set = co.use_set - 1;
+ if (g_co.use_set != 0) {
+ rt.set = g_co.use_set - 1;
rt.flags = IPFW_RCFLAG_SET;
} else
rt.flags = IPFW_RCFLAG_ALL;
if (do_range_cmd(IP_FW_XDEL, &rt) != 0)
err(EX_UNAVAILABLE, "setsockopt(IP_FW_XDEL)");
- if (!co.do_quiet)
- printf("Flushed all %s.\n", co.do_pipe ? "pipes" : "rules");
+ if (!g_co.do_quiet)
+ printf("Flushed all %s.\n", g_co.do_pipe ? "pipes" : "rules");
}
static struct _s_x intcmds[] = {
@@ -5473,13 +5480,13 @@ lookup_eaction_name(ipfw_obj_ntlv *ntlv, int cnt, uint
}
static void
-ipfw_list_objects(int ac, char *av[])
+ipfw_list_objects(int ac __unused, char *av[] __unused)
{
ipfw_obj_lheader req, *olh;
ipfw_obj_ntlv *ntlv;
const char *name;
size_t sz;
- int i;
+ uint32_t i;
memset(&req, 0, sizeof(req));
sz = sizeof(req);
@@ -5577,10 +5584,10 @@ ipfw_get_tracked_ifaces(ipfw_obj_lheader **polh)
static int
ifinfo_cmp(const void *a, const void *b)
{
- ipfw_iface_info *ia, *ib;
+ const ipfw_iface_info *ia, *ib;
- ia = (ipfw_iface_info *)a;
- ib = (ipfw_iface_info *)b;
+ ia = (const ipfw_iface_info *)a;
+ ib = (const ipfw_iface_info *)b;
return (stringnum_cmp(ia->ifname, ib->ifname));
}
@@ -5591,11 +5598,12 @@ ifinfo_cmp(const void *a, const void *b)
* Returns 0 on success.
*/
static void
-ipfw_list_tifaces()
+ipfw_list_tifaces(void)
{
ipfw_obj_lheader *olh;
ipfw_iface_info *info;
- int i, error;
+ uint32_t i;
+ int error;
if ((error = ipfw_get_tracked_ifaces(&olh)) != 0)
err(EX_OSERR, "Unable to request ipfw tracked interface list");
Modified: stable/12/sbin/ipfw/ipfw2.h
==============================================================================
--- stable/12/sbin/ipfw/ipfw2.h Mon Jul 27 14:14:06 2020 (r363604)
+++ stable/12/sbin/ipfw/ipfw2.h Mon Jul 27 14:15:50 2020 (r363605)
@@ -51,7 +51,7 @@ struct cmdline_opts {
int do_sort; /* field to sort results (0 = no) */
/* valid fields are 1 and above */
- int use_set; /* work with specified set number */
+ uint32_t use_set; /* work with specified set number */
/* 0 means all sets, otherwise apply to set use_set - 1 */
};
@@ -62,7 +62,7 @@ enum {
TIMESTAMP_NUMERIC,
};
-extern struct cmdline_opts co;
+extern struct cmdline_opts g_co;
/*
* _s_x is a structure that stores a string <-> token pairs, used in
@@ -328,10 +328,10 @@ struct buf_pr {
size_t needed; /* length needed */
};
-int pr_u64(struct buf_pr *bp, uint64_t *pd, int width);
+int pr_u64(struct buf_pr *bp, void *pd, int width);
int bp_alloc(struct buf_pr *b, size_t size);
void bp_free(struct buf_pr *b);
-int bprintf(struct buf_pr *b, char *format, ...);
+int bprintf(struct buf_pr *b, const char *format, ...);
/* memory allocation support */
@@ -349,7 +349,7 @@ int match_token_relaxed(struct _s_x *table, const char
int get_token(struct _s_x *table, const char *string, const char *errbase);
char const *match_value(struct _s_x *p, int value);
size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
- char *delimiter);
+ const char *delimiter);
int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set,
uint32_t *clear);
void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set);
@@ -361,7 +361,7 @@ int do_get3(int optname, struct _ip_fw3_opheader *op3,
struct in6_addr;
void n2mask(struct in6_addr *mask, int n);
-int contigmask(uint8_t *p, int len);
+int contigmask(const uint8_t *p, int len);
/*
* Forward declarations to avoid include way too many headers.
@@ -409,7 +409,7 @@ int ipfw_check_nat64prefix(const struct in6_addr *pref
/* altq.c */
void altq_set_enabled(int enabled);
u_int32_t altq_name_to_qid(const char *name);
-void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr);
+void print_altq_cmd(struct buf_pr *bp, const struct _ipfw_insn_altq *altqptr);
#else
#define NO_ALTQ
#endif
@@ -421,10 +421,10 @@ int ipfw_delete_pipe(int pipe_or_queue, int n);
/* ipv6.c */
void print_unreach6_code(struct buf_pr *bp, uint16_t code);
-void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd);
-void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
-void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
-void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );
+void print_ip6(struct buf_pr *bp, const struct _ipfw_insn_ip6 *cmd);
+void print_flow6id(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
+void print_icmp6types(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
+void print_ext6hdr(struct buf_pr *bp, const struct _ipfw_insn *cmd);
struct tidx;
struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,
Modified: stable/12/sbin/ipfw/ipv6.c
==============================================================================
--- stable/12/sbin/ipfw/ipv6.c Mon Jul 27 14:14:06 2020 (r363604)
+++ stable/12/sbin/ipfw/ipv6.c Mon Jul 27 14:15:50 2020 (r363605)
@@ -85,14 +85,14 @@ print_unreach6_code(struct buf_pr *bp, uint16_t code)
* Print the ip address contained in a command.
*/
void
-print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
+print_ip6(struct buf_pr *bp, const ipfw_insn_ip6 *cmd)
{
char trad[255];
struct hostent *he = NULL;
- struct in6_addr *a = &(cmd->addr6);
+ const struct in6_addr *a = &(cmd->addr6);
int len, mb;
- len = F_LEN((ipfw_insn *) cmd) - 1;
+ len = F_LEN((const ipfw_insn *)cmd) - 1;
if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) {
bprintf(bp, " me6");
return;
@@ -112,10 +112,11 @@ print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
/* mask length */
mb = (cmd->o.opcode == O_IP6_SRC ||
cmd->o.opcode == O_IP6_DST) ? 128:
- contigmask((uint8_t *)&(a[1]), 128);
+ contigmask((const uint8_t *)&(a[1]), 128);
- if (mb == 128 && co.do_resolv)
- he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
+ if (mb == 128 && g_co.do_resolv)
+ he = gethostbyaddr((const char *)a, sizeof(*a),
+ AF_INET6);
if (he != NULL) /* resolved to name */
bprintf(bp, "%s", he->h_name);
@@ -142,7 +143,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cb
{
uint8_t type;
- CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_icmp6));
+ CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn_icmp6));
memset(cmd, 0, sizeof(*cmd));
while (*av) {
if (*av == ',')
@@ -165,7 +166,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cb
}
void
-print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_icmp6types(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
int i, j;
char sep= ' ';
@@ -181,7 +182,7 @@ print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd
}
void
-print_flow6id(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_flow6id(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
uint16_t i, limit = cmd->o.arg1;
char sep = ',';
@@ -257,7 +258,7 @@ fill_ext6hdr( ipfw_insn *cmd, char *av)
}
void
-print_ext6hdr(struct buf_pr *bp, ipfw_insn *cmd )
+print_ext6hdr(struct buf_pr *bp, const ipfw_insn *cmd )
{
char sep = ' ';
@@ -364,7 +365,8 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, stru
int masklen;
char md = '\0';
- CHECK_LENGTH(cblen, 1 + len + 2 * F_INSN_SIZE(struct in6_addr));
+ CHECK_LENGTH(cblen,
+ 1 + len + 2 * (int)F_INSN_SIZE(struct in6_addr));
if ((q = strchr(av, ',')) ) {
*q = '\0';
@@ -453,7 +455,8 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av, int cblen)
cmd->d[0] = 0; /* Initializing the base number*/
while (s) {
- CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
+ CHECK_LENGTH(cblen,
+ (int)F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
av = strsep( &s, ",") ;
type = strtoul(av, &av, 0);
Modified: stable/12/sbin/ipfw/main.c
==============================================================================
--- stable/12/sbin/ipfw/main.c Mon Jul 27 14:14:06 2020 (r363604)
+++ stable/12/sbin/ipfw/main.c Mon Jul 27 14:15:50 2020 (r363605)
@@ -226,8 +226,8 @@ ipfw_main(int oldac, char **oldav)
av[ac] = NULL;
/* Set the force flag for non-interactive processes */
- if (!co.do_force)
- co.do_force = !isatty(STDIN_FILENO);
+ if (!g_co.do_force)
+ g_co.do_force = !isatty(STDIN_FILENO);
#ifdef EMULATE_SYSCTL /* sysctl emulation */
if ( ac >= 2 && !strcmp(av[1], "sysctl")) {
@@ -269,20 +269,20 @@ ipfw_main(int oldac, char **oldav)
break;
case 'b':
- co.comment_only = 1;
- co.do_compact = 1;
+ g_co.comment_only = 1;
+ g_co.do_compact = 1;
break;
case 'c':
- co.do_compact = 1;
+ g_co.do_compact = 1;
break;
case 'd':
- co.do_dynamic = 1;
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-stable
mailing list