From owner-svn-src-all@freebsd.org Mon Jul 13 17:51:06 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8BA5E36C00F; Mon, 13 Jul 2020 17:51:06 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B5B5k3KJ7z4J4m; Mon, 13 Jul 2020 17:51:06 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 55EBC18EF8; Mon, 13 Jul 2020 17:51:06 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 06DHp63o002367; Mon, 13 Jul 2020 17:51:06 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 06DHp4KX002359; Mon, 13 Jul 2020 17:51:04 GMT (envelope-from markj@FreeBSD.org) Message-Id: <202007131751.06DHp4KX002359@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Mon, 13 Jul 2020 17:51:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r363164 - head/sbin/ipfw X-SVN-Group: head X-SVN-Commit-Author: markj X-SVN-Commit-Paths: head/sbin/ipfw X-SVN-Commit-Revision: 363164 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jul 2020 17:51:06 -0000 Author: markj Date: Mon Jul 13 17:51:04 2020 New Revision: 363164 URL: https://svnweb.freebsd.org/changeset/base/363164 Log: ipfw(8): Fix most warnings with the default WARNS level. - Add missing const and static qualifiers. - Avoid shadowing the global "co" by renaming it to "g_co". - Avoid mixing signedness in loop bound checks. - Leave -Wcast-align warnings disabled for now. Reviewed by: ae, melifaro MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D25456 Modified: head/sbin/ipfw/Makefile head/sbin/ipfw/altq.c head/sbin/ipfw/dummynet.c head/sbin/ipfw/ipfw2.c head/sbin/ipfw/ipfw2.h head/sbin/ipfw/ipv6.c head/sbin/ipfw/main.c head/sbin/ipfw/nat.c head/sbin/ipfw/nat64clat.c head/sbin/ipfw/nat64lsn.c head/sbin/ipfw/nat64stl.c head/sbin/ipfw/nptv6.c head/sbin/ipfw/tables.c Modified: head/sbin/ipfw/Makefile ============================================================================== --- head/sbin/ipfw/Makefile Mon Jul 13 17:20:20 2020 (r363163) +++ head/sbin/ipfw/Makefile Mon Jul 13 17:51:04 2020 (r363164) @@ -6,7 +6,6 @@ PACKAGE=ipfw PROG= ipfw SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c tables.c SRCS+= nat64clat.c nat64lsn.c nat64stl.c nptv6.c -WARNS?= 2 .if ${MK_PF} != "no" SRCS+= altq.c @@ -17,3 +16,5 @@ LIBADD= jail util MAN= ipfw.8 .include + +CWARNFLAGS+= -Wno-cast-align Modified: head/sbin/ipfw/altq.c ============================================================================== --- head/sbin/ipfw/altq.c Mon Jul 13 17:20:20 2020 (r363163) +++ head/sbin/ipfw/altq.c Mon Jul 13 17:51:04 2020 (r363164) @@ -140,7 +140,7 @@ altq_qid_to_name(u_int32_t qid) } void -print_altq_cmd(struct buf_pr *bp, ipfw_insn_altq *altqptr) +print_altq_cmd(struct buf_pr *bp, const ipfw_insn_altq *altqptr) { if (altqptr) { const char *qname; Modified: head/sbin/ipfw/dummynet.c ============================================================================== --- head/sbin/ipfw/dummynet.c Mon Jul 13 17:20:20 2020 (r363163) +++ head/sbin/ipfw/dummynet.c Mon Jul 13 17:51:04 2020 (r363164) @@ -166,8 +166,8 @@ enum { #define PIE_SCALE (1L<type, oid->id); break; case DN_SCH: { @@ -636,7 +636,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end) sprintf(bwbuf, "%7.3f bit/s ", b); if (humanize_number(burst, sizeof(burst), p->burst, - "", HN_AUTOSCALE, 0) < 0 || co.verbose) + "", HN_AUTOSCALE, 0) < 0 || g_co.verbose) sprintf(burst, "%d", (int)p->burst); sprintf(buf, "%05d: %s %4d ms burst %s", p->link_nr % DN_MAX_ID, bwbuf, p->delay, burst); @@ -1317,7 +1317,7 @@ ipfw_config_pipe(int ac, char **av) o_next(&buf, sizeof(struct dn_id), DN_CMD_CONFIG); base->id = DN_API_VERSION; - switch (co.do_pipe) { + switch (g_co.do_pipe) { case 1: /* "pipe N config ..." */ /* Allocate space for the WF2Q+ scheduler, its link * and the FIFO flowset. Set the number, but leave @@ -1893,7 +1893,7 @@ parse_range(int ac, char *av[], uint32_t *v, int len) } n++; /* translate if 'pipe list' */ - if (co.do_pipe == 1) { + if (g_co.do_pipe == 1) { v[0] += DN_MAX_ID; v[1] += DN_MAX_ID; } @@ -1947,7 +1947,7 @@ dummynet_list(int ac, char *av[], int show_counters) if (max_size < sizeof(struct dn_flow)) max_size = sizeof(struct dn_flow); - switch (co.do_pipe) { + switch (g_co.do_pipe) { case 1: oid->subtype = DN_LINK; /* list pipe */ break; Modified: head/sbin/ipfw/ipfw2.c ============================================================================== --- head/sbin/ipfw/ipfw2.c Mon Jul 13 17:20:20 2020 (r363163) +++ head/sbin/ipfw/ipfw2.c Mon Jul 13 17:51:04 2020 (r363164) @@ -57,7 +57,7 @@ #include #include -struct cmdline_opts co; /* global options */ +struct cmdline_opts g_co; /* global options */ struct format_opts { int bcwidth; @@ -74,7 +74,7 @@ struct format_opts { int resvd_set_number = RESVD_SET; -int ipfw_socket = -1; +static int ipfw_socket = -1; #define CHECK_LENGTH(v, len) do { \ if ((v) < (len)) \ @@ -395,8 +395,8 @@ static int ipfw_show_config(struct cmdline_opts *co, s static void ipfw_list_tifaces(void); struct tidx; -static uint16_t pack_object(struct tidx *tstate, char *name, int otype); -static uint16_t pack_table(struct tidx *tstate, char *name); +static uint16_t pack_object(struct tidx *tstate, const char *name, int otype); +static uint16_t pack_table(struct tidx *tstate, const char *name); static char *table_search_ctlv(ipfw_obj_ctlv *ctlv, uint16_t idx); static void object_sort_ctlv(ipfw_obj_ctlv *ctlv); @@ -456,7 +456,7 @@ bp_flush(struct buf_pr *b) * Returns number of bytes that should have been printed. */ int -bprintf(struct buf_pr *b, char *format, ...) +bprintf(struct buf_pr *b, const char *format, ...) { va_list args; int i; @@ -466,7 +466,7 @@ bprintf(struct buf_pr *b, char *format, ...) i = vsnprintf(b->ptr, b->avail, format, args); va_end(args); - if (i > b->avail || i < 0) { + if (i < 0 || (size_t)i > b->avail) { /* Overflow or print error */ b->avail = 0; } else { @@ -569,7 +569,7 @@ do_cmd(int optname, void *optval, uintptr_t optlen) { int i; - if (co.test_only) + if (g_co.test_only) return 0; if (ipfw_socket == -1) @@ -606,7 +606,7 @@ int do_set3(int optname, ip_fw3_opheader *op3, size_t optlen) { - if (co.test_only) + if (g_co.test_only) return (0); if (ipfw_socket == -1) @@ -635,7 +635,7 @@ do_get3(int optname, ip_fw3_opheader *op3, size_t *opt int error; socklen_t len; - if (co.test_only) + if (g_co.test_only) return (0); if (ipfw_socket == -1) @@ -725,7 +725,8 @@ match_value(struct _s_x *p, int value) } size_t -concat_tokens(char *buf, size_t bufsize, struct _s_x *table, char *delimiter) +concat_tokens(char *buf, size_t bufsize, struct _s_x *table, + const char *delimiter) { struct _s_x *pt; int l; @@ -788,7 +789,7 @@ print_flags_buffer(char *buf, size_t sz, struct _s_x * set &= ~list[i].x; l = snprintf(buf, sz, "%s%s", comma, list[i].s); - if (l >= sz) + if (l < 0 || (size_t)l >= sz) return; comma = ","; buf += l; @@ -856,13 +857,13 @@ print_port(struct buf_pr *bp, int proto, uint16_t port if (proto == IPPROTO_ETHERTYPE) { char const *s; - if (co.do_resolv && (s = match_value(ether_types, port)) ) + if (g_co.do_resolv && (s = match_value(ether_types, port)) ) bprintf(bp, "%s", s); else bprintf(bp, "0x%04x", port); } else { struct servent *se = NULL; - if (co.do_resolv) { + if (g_co.do_resolv) { struct protoent *pe = getprotobynumber(proto); se = getservbyport(htons(port), pe ? pe->p_name : NULL); @@ -893,9 +894,9 @@ static struct _s_x _port_name[] = { * XXX todo: add support for mask. */ static void -print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode) +print_newports(struct buf_pr *bp, const ipfw_insn_u16 *cmd, int proto, int opcode) { - uint16_t *p = cmd->ports; + const uint16_t *p = cmd->ports; int i; char const *sep; @@ -906,7 +907,7 @@ print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, bprintf(bp, " %s", sep); } sep = " "; - for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) { + for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) { bprintf(bp, "%s", sep); print_port(bp, proto, p[0]); if (p[0] != p[1]) { @@ -1134,7 +1135,7 @@ print_reject_code(struct buf_pr *bp, uint16_t code) * len is the max length in bits. */ int -contigmask(uint8_t *p, int len) +contigmask(const uint8_t *p, int len) { int i, n; @@ -1152,7 +1153,7 @@ contigmask(uint8_t *p, int len) * There is a specialized check for f_tcpflags. */ static void -print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd, +print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd, struct _s_x *list) { char const *comma = ""; @@ -1185,12 +1186,13 @@ print_flags(struct buf_pr *bp, char const *name, ipfw_ * Print the ip address contained in a command. */ static void -print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd) +print_ip(struct buf_pr *bp, const struct format_opts *fo, + const ipfw_insn_ip *cmd) { struct hostent *he = NULL; - struct in_addr *ia; - uint32_t len = F_LEN((ipfw_insn *)cmd); - uint32_t *a = ((ipfw_insn_u32 *)cmd)->d; + const struct in_addr *ia; + const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d; + uint32_t len = F_LEN((const ipfw_insn *)cmd); char *t; bprintf(bp, " "); @@ -1200,7 +1202,8 @@ print_ip(struct buf_pr *bp, const struct format_opts * if (d < sizeof(lookup_key)/sizeof(lookup_key[0])) arg = match_value(rule_options, lookup_key[d]); - t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1); + t = table_search_ctlv(fo->tstate, + ((const ipfw_insn *)cmd)->arg1); bprintf(bp, "lookup %s %s", arg, t); return; } @@ -1210,7 +1213,8 @@ print_ip(struct buf_pr *bp, const struct format_opts * } if (cmd->o.opcode == O_IP_SRC_LOOKUP || cmd->o.opcode == O_IP_DST_LOOKUP) { - t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1); + t = table_search_ctlv(fo->tstate, + ((const ipfw_insn *)cmd)->arg1); bprintf(bp, "table(%s", t); if (len == F_INSN_SIZE(ipfw_insn_u32)) bprintf(bp, ",%u", *a); @@ -1218,16 +1222,18 @@ print_ip(struct buf_pr *bp, const struct format_opts * return; } if (cmd->o.opcode == O_IP_SRC_SET || cmd->o.opcode == O_IP_DST_SET) { - uint32_t x, *map = (uint32_t *)&(cmd->mask); + const uint32_t *map = (const uint32_t *)&cmd->mask; + struct in_addr addr; + uint32_t x; int i, j; char comma = '{'; x = cmd->o.arg1 - 1; - x = htonl( ~x ); - cmd->addr.s_addr = htonl(cmd->addr.s_addr); - bprintf(bp, "%s/%d", inet_ntoa(cmd->addr), - contigmask((uint8_t *)&x, 32)); - x = cmd->addr.s_addr = htonl(cmd->addr.s_addr); + x = htonl(~x); + addr.s_addr = htonl(cmd->addr.s_addr); + bprintf(bp, "%s/%d", inet_ntoa(addr), + contigmask((uint8_t *)&x, 32)); + x = cmd->addr.s_addr; x &= 0xff; /* base */ /* * Print bits and ranges. @@ -1258,19 +1264,19 @@ print_ip(struct buf_pr *bp, const struct format_opts * for (len = len / 2; len > 0; len--, a += 2) { int mb = /* mask length */ (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ? - 32 : contigmask((uint8_t *)&(a[1]), 32); - if (mb == 32 && co.do_resolv) - he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t), + 32 : contigmask((const uint8_t *)&(a[1]), 32); + if (mb == 32 && g_co.do_resolv) + he = gethostbyaddr((const char *)&(a[0]), sizeof(in_addr_t), AF_INET); if (he != NULL) /* resolved to name */ bprintf(bp, "%s", he->h_name); else if (mb == 0) /* any */ bprintf(bp, "any"); else { /* numeric IP followed by some kind of mask */ - ia = (struct in_addr *)&a[0]; + ia = (const struct in_addr *)&a[0]; bprintf(bp, "%s", inet_ntoa(*ia)); if (mb < 0) { - ia = (struct in_addr *)&a[1]; + ia = (const struct in_addr *)&a[1]; bprintf(bp, ":%s", inet_ntoa(*ia)); } else if (mb < 32) bprintf(bp, "/%d", mb); @@ -1284,7 +1290,7 @@ print_ip(struct buf_pr *bp, const struct format_opts * * prints a MAC address/mask pair */ static void -format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask) +format_mac(struct buf_pr *bp, const uint8_t *addr, const uint8_t *mask) { int l = contigmask(mask, 48); @@ -1303,7 +1309,7 @@ format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t * } static void -print_mac(struct buf_pr *bp, ipfw_insn_mac *mac) +print_mac(struct buf_pr *bp, const ipfw_insn_mac *mac) { bprintf(bp, " MAC"); @@ -1336,7 +1342,7 @@ fill_icmptypes(ipfw_insn_u32 *cmd, char *av) } static void -print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_icmptypes(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { int i; char sep= ' '; @@ -1351,12 +1357,12 @@ print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd) } static void -print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_dscp(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { + const uint32_t *v; + const char *code; int i = 0; - uint32_t *v; char sep= ' '; - const char *code; bprintf(bp, " dscp"); v = cmd->d; @@ -1374,7 +1380,7 @@ print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd) } } -#define insntod(cmd, type) ((ipfw_insn_ ## type *)(cmd)) +#define insntod(cmd, type) ((const ipfw_insn_ ## type *)(cmd)) struct show_state { struct ip_fw_rule *rule; const ipfw_insn *eaction; @@ -1443,7 +1449,7 @@ print_limit_mask(struct buf_pr *bp, const ipfw_insn_li static int print_instruction(struct buf_pr *bp, const struct format_opts *fo, - struct show_state *state, ipfw_insn *cmd) + struct show_state *state, const ipfw_insn *cmd) { struct protoent *pe; struct passwd *pwd; @@ -1685,7 +1691,7 @@ print_instruction(struct buf_pr *bp, const struct form bprintf(bp, " ipsec"); break; case O_NOP: - bprintf(bp, " // %s", (char *)(cmd + 1)); + bprintf(bp, " // %s", (const char *)(cmd + 1)); break; case O_KEEP_STATE: if (state->flags & HAVE_PROBE_STATE) @@ -1777,8 +1783,8 @@ static void print_fwd(struct buf_pr *bp, const ipfw_insn *cmd) { char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2]; - ipfw_insn_sa6 *sa6; - ipfw_insn_sa *sa; + const ipfw_insn_sa6 *sa6; + const ipfw_insn_sa *sa; uint16_t port; if (cmd->opcode == O_FORWARD_IP) { @@ -2056,7 +2062,7 @@ print_proto(struct buf_pr *bp, struct format_opts *fo, static int match_opcode(int opcode, const int opcodes[], size_t nops) { - int i; + size_t i; for (i = 0; i < nops; i++) if (opcode == opcodes[i]) @@ -2138,10 +2144,10 @@ static void show_static_rule(struct cmdline_opts *co, struct format_opts *fo, struct buf_pr *bp, struct ip_fw_rule *rule, struct ip_fw_bcounter *cntr) { + static int twidth = 0; struct show_state state; ipfw_insn *cmd; - static int twidth = 0; - int i; + size_t i; /* Print # DISABLED or skip the rule */ if ((fo->set_mask & (1 << rule->set)) == 0) { @@ -2361,7 +2367,7 @@ void ipfw_sets_handler(char *av[]) { ipfw_range_tlv rt; - char *msg; + const char *msg; size_t size; uint32_t masks[2]; int i; @@ -2378,7 +2384,7 @@ ipfw_sets_handler(char *av[]) ipfw_cfg_lheader *cfg; memset(&fo, 0, sizeof(fo)); - if (ipfw_get_config(&co, &fo, &cfg, &size) != 0) + if (ipfw_get_config(&g_co, &fo, &cfg, &size) != 0) err(EX_OSERR, "requesting config failed"); for (i = 0, msg = "disable"; i < RESVD_SET; i++) @@ -2507,7 +2513,7 @@ typedef void state_cb(struct cmdline_opts *co, struct static void prepare_format_dyn(struct cmdline_opts *co, struct format_opts *fo, - void *arg, void *_state) + void *arg __unused, void *_state) { ipfw_dyn_rule *d; int width; @@ -2701,11 +2707,11 @@ ipfw_list(int ac, char *av[], int show_counters) uint32_t rnum; char *endptr; - if (co.test_only) { + if (g_co.test_only) { fprintf(stderr, "Testing only, list disabled\n"); return; } - if (co.do_pipe) { + if (g_co.do_pipe) { dummynet_list(ac, av, show_counters); return; } @@ -2731,17 +2737,17 @@ ipfw_list(int ac, char *av[], int show_counters) /* get configuraion from kernel */ cfg = NULL; sfo.show_counters = show_counters; - sfo.show_time = co.do_time; - if (co.do_dynamic != 2) + sfo.show_time = g_co.do_time; + if (g_co.do_dynamic != 2) sfo.flags |= IPFW_CFG_GET_STATIC; - if (co.do_dynamic != 0) + if (g_co.do_dynamic != 0) sfo.flags |= IPFW_CFG_GET_STATES; if ((sfo.show_counters | sfo.show_time) != 0) sfo.flags |= IPFW_CFG_GET_COUNTERS; - if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0) + if (ipfw_get_config(&g_co, &sfo, &cfg, &sz) != 0) err(EX_OSERR, "retrieving config failed"); - error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av); + error = ipfw_show_config(&g_co, &sfo, cfg, sz, ac, av); free(cfg); @@ -2974,7 +2980,8 @@ ipfw_check_object_name(const char *name) return (0); } -static char *default_state_name = "default"; +static const char *default_state_name = "default"; + static int state_check_name(const char *name) { @@ -3000,10 +3007,10 @@ eaction_check_name(const char *name) } static uint16_t -pack_object(struct tidx *tstate, char *name, int otype) +pack_object(struct tidx *tstate, const char *name, int otype) { - int i; ipfw_obj_ntlv *ntlv; + uint32_t i; for (i = 0; i < tstate->count; i++) { if (strcmp(tstate->idx[i].name, name) != 0) @@ -3037,7 +3044,7 @@ pack_object(struct tidx *tstate, char *name, int otype } static uint16_t -pack_table(struct tidx *tstate, char *name) +pack_table(struct tidx *tstate, const char *name) { if (table_check_name(name) != 0) @@ -3116,7 +3123,7 @@ fill_ip(ipfw_insn_ip *cmd, char *av, int cblen, struct int masklen; char md, nd = '\0'; - CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn) + 2 + len); + CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn) + 2 + len); if (p) { md = *p; @@ -3314,7 +3321,7 @@ ipfw_delete(char *av[]) /* Do not allow using the following syntax: * ipfw set N delete set M */ - if (co.use_set) + if (g_co.use_set) errx(EX_DATAERR, "invalid syntax"); do_set = 1; /* delete set */ av++; @@ -3327,10 +3334,10 @@ ipfw_delete(char *av[]) if (*sep== '-') j = strtol(sep + 1, NULL, 10); av++; - if (co.do_nat) { + if (g_co.do_nat) { exitval = ipfw_delete_nat(i); - } else if (co.do_pipe) { - exitval = ipfw_delete_pipe(co.do_pipe, i); + } else if (g_co.do_pipe) { + exitval = ipfw_delete_pipe(g_co.do_pipe, i); } else { memset(&rt, 0, sizeof(rt)); if (do_set != 0) { @@ -3343,24 +3350,24 @@ ipfw_delete(char *av[]) rt.flags |= IPFW_RCFLAG_ALL; else rt.flags |= IPFW_RCFLAG_RANGE; - if (co.use_set != 0) { - rt.set = co.use_set - 1; + if (g_co.use_set != 0) { + rt.set = g_co.use_set - 1; rt.flags |= IPFW_RCFLAG_SET; } } - if (co.do_dynamic == 2) + if (g_co.do_dynamic == 2) rt.flags |= IPFW_RCFLAG_DYNAMIC; i = do_range_cmd(IP_FW_XDEL, &rt); if (i != 0) { exitval = EX_UNAVAILABLE; - if (co.do_quiet) + if (g_co.do_quiet) continue; warn("rule %u: setsockopt(IP_FW_XDEL)", rt.start_rule); } else if (rt.new_set == 0 && do_set == 0 && - co.do_dynamic != 2) { + g_co.do_dynamic != 2) { exitval = EX_UNAVAILABLE; - if (co.do_quiet) + if (g_co.do_quiet) continue; if (rt.start_rule != rt.end_rule) warnx("no rules rules in %u-%u range", @@ -3371,7 +3378,7 @@ ipfw_delete(char *av[]) } } } - if (exitval != EX_OK && co.do_force == 0) + if (exitval != EX_OK && g_co.do_force == 0) exit(exitval); } @@ -3696,7 +3703,7 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cb struct in6_addr a; char *host, *ch, buf[INET6_ADDRSTRLEN]; ipfw_insn *ret = NULL; - int len; + size_t len; /* Copy first address in set if needed */ if ((ch = strpbrk(av, "/,")) != NULL) { @@ -3727,7 +3734,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cb struct in6_addr a; char *host, *ch, buf[INET6_ADDRSTRLEN]; ipfw_insn *ret = NULL; - int len; + size_t len; /* Copy first address in set if needed */ if ((ch = strpbrk(av, "/,")) != NULL) { @@ -3764,7 +3771,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cb * various match patterns, log/altq actions, and the actual action. * */ -void +static void compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate) { /* @@ -4250,7 +4257,7 @@ chkarg: len = sizeof(c->max_log); if (sysctlbyname("net.inet.ip.fw.verbose_limit", &c->max_log, &len, NULL, 0) == -1) { - if (co.test_only) { + if (g_co.test_only) { c->max_log = 0; break; } @@ -5138,10 +5145,10 @@ done: static int compare_ntlv(const void *_a, const void *_b) { - ipfw_obj_ntlv *a, *b; + const ipfw_obj_ntlv *a, *b; - a = (ipfw_obj_ntlv *)_a; - b = (ipfw_obj_ntlv *)_b; + a = (const ipfw_obj_ntlv *)_a; + b = (const ipfw_obj_ntlv *)_b; if (a->set < b->set) return (-1); @@ -5178,11 +5185,11 @@ struct object_kt { static int compare_object_kntlv(const void *k, const void *v) { - ipfw_obj_ntlv *ntlv; + const ipfw_obj_ntlv *ntlv; struct object_kt key; - key = *((struct object_kt *)k); - ntlv = (ipfw_obj_ntlv *)v; + key = *((const struct object_kt *)k); + ntlv = (const ipfw_obj_ntlv *)v; if (key.uidx < ntlv->idx) return (-1); @@ -5318,14 +5325,14 @@ ipfw_add(char *av[]) if (do_get3(IP_FW_XADD, op3, &sz) != 0) err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_XADD"); - if (!co.do_quiet) { + if (!g_co.do_quiet) { struct format_opts sfo; struct buf_pr bp; memset(&sfo, 0, sizeof(sfo)); sfo.tstate = tstate; sfo.set_mask = (uint32_t)(-1); bp_alloc(&bp, 4096); - show_static_rule(&co, &sfo, &bp, rule, NULL); + show_static_rule(&g_co, &sfo, &bp, rule, NULL); printf("%s", bp.buf); bp_free(&bp); } @@ -5361,7 +5368,7 @@ ipfw_zero(int ac, char *av[], int optname) rt.flags = IPFW_RCFLAG_ALL; if (do_range_cmd(optname, &rt) < 0) err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name); - if (!co.do_quiet) + if (!g_co.do_quiet) printf("%s.\n", optname == IP_FW_XZERO ? "Accounting cleared":"Logging counts reset"); @@ -5379,8 +5386,8 @@ ipfw_zero(int ac, char *av[], int optname) rt.start_rule = arg; rt.end_rule = arg; rt.flags |= IPFW_RCFLAG_RANGE; - if (co.use_set != 0) { - rt.set = co.use_set - 1; + if (g_co.use_set != 0) { + rt.set = g_co.use_set - 1; rt.flags |= IPFW_RCFLAG_SET; } if (do_range_cmd(optname, &rt) != 0) { @@ -5390,7 +5397,7 @@ ipfw_zero(int ac, char *av[], int optname) } else if (rt.new_set == 0) { printf("Entry %d not found\n", arg); failed = EX_UNAVAILABLE; - } else if (!co.do_quiet) + } else if (!g_co.do_quiet) printf("Entry %d %s.\n", arg, optname == IP_FW_XZERO ? "cleared" : "logging count reset"); @@ -5408,7 +5415,7 @@ ipfw_flush(int force) { ipfw_range_tlv rt; - if (!force && !co.do_quiet) { /* need to ask user */ + if (!force && !g_co.do_quiet) { /* need to ask user */ int c; printf("Are you sure? [yn] "); @@ -5423,21 +5430,21 @@ ipfw_flush(int force) if (c == 'N') /* user said no */ return; } - if (co.do_pipe) { + if (g_co.do_pipe) { dummynet_flush(); return; } /* `ipfw set N flush` - is the same that `ipfw delete set N` */ memset(&rt, 0, sizeof(rt)); - if (co.use_set != 0) { - rt.set = co.use_set - 1; + if (g_co.use_set != 0) { + rt.set = g_co.use_set - 1; rt.flags = IPFW_RCFLAG_SET; } else rt.flags = IPFW_RCFLAG_ALL; if (do_range_cmd(IP_FW_XDEL, &rt) != 0) err(EX_UNAVAILABLE, "setsockopt(IP_FW_XDEL)"); - if (!co.do_quiet) - printf("Flushed all %s.\n", co.do_pipe ? "pipes" : "rules"); + if (!g_co.do_quiet) + printf("Flushed all %s.\n", g_co.do_pipe ? "pipes" : "rules"); } static struct _s_x intcmds[] = { @@ -5473,13 +5480,13 @@ lookup_eaction_name(ipfw_obj_ntlv *ntlv, int cnt, uint } static void -ipfw_list_objects(int ac, char *av[]) +ipfw_list_objects(int ac __unused, char *av[] __unused) { ipfw_obj_lheader req, *olh; ipfw_obj_ntlv *ntlv; const char *name; size_t sz; - int i; + uint32_t i; memset(&req, 0, sizeof(req)); sz = sizeof(req); @@ -5577,10 +5584,10 @@ ipfw_get_tracked_ifaces(ipfw_obj_lheader **polh) static int ifinfo_cmp(const void *a, const void *b) { - ipfw_iface_info *ia, *ib; + const ipfw_iface_info *ia, *ib; - ia = (ipfw_iface_info *)a; - ib = (ipfw_iface_info *)b; + ia = (const ipfw_iface_info *)a; + ib = (const ipfw_iface_info *)b; return (stringnum_cmp(ia->ifname, ib->ifname)); } @@ -5591,11 +5598,12 @@ ifinfo_cmp(const void *a, const void *b) * Returns 0 on success. */ static void -ipfw_list_tifaces() +ipfw_list_tifaces(void) { ipfw_obj_lheader *olh; ipfw_iface_info *info; - int i, error; + uint32_t i; + int error; if ((error = ipfw_get_tracked_ifaces(&olh)) != 0) err(EX_OSERR, "Unable to request ipfw tracked interface list"); Modified: head/sbin/ipfw/ipfw2.h ============================================================================== --- head/sbin/ipfw/ipfw2.h Mon Jul 13 17:20:20 2020 (r363163) +++ head/sbin/ipfw/ipfw2.h Mon Jul 13 17:51:04 2020 (r363164) @@ -51,7 +51,7 @@ struct cmdline_opts { int do_sort; /* field to sort results (0 = no) */ /* valid fields are 1 and above */ - int use_set; /* work with specified set number */ + uint32_t use_set; /* work with specified set number */ /* 0 means all sets, otherwise apply to set use_set - 1 */ }; @@ -62,7 +62,7 @@ enum { TIMESTAMP_NUMERIC, }; -extern struct cmdline_opts co; +extern struct cmdline_opts g_co; /* * _s_x is a structure that stores a string <-> token pairs, used in @@ -331,7 +331,7 @@ struct buf_pr { int pr_u64(struct buf_pr *bp, uint64_t *pd, int width); int bp_alloc(struct buf_pr *b, size_t size); void bp_free(struct buf_pr *b); -int bprintf(struct buf_pr *b, char *format, ...); +int bprintf(struct buf_pr *b, const char *format, ...); /* memory allocation support */ @@ -349,7 +349,7 @@ int match_token_relaxed(struct _s_x *table, const char int get_token(struct _s_x *table, const char *string, const char *errbase); char const *match_value(struct _s_x *p, int value); size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table, - char *delimiter); + const char *delimiter); int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set, uint32_t *clear); void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set); @@ -361,7 +361,7 @@ int do_get3(int optname, struct _ip_fw3_opheader *op3, struct in6_addr; void n2mask(struct in6_addr *mask, int n); -int contigmask(uint8_t *p, int len); +int contigmask(const uint8_t *p, int len); /* * Forward declarations to avoid include way too many headers. @@ -409,7 +409,7 @@ int ipfw_check_nat64prefix(const struct in6_addr *pref /* altq.c */ void altq_set_enabled(int enabled); u_int32_t altq_name_to_qid(const char *name); -void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr); +void print_altq_cmd(struct buf_pr *bp, const struct _ipfw_insn_altq *altqptr); #else #define NO_ALTQ #endif @@ -421,10 +421,10 @@ int ipfw_delete_pipe(int pipe_or_queue, int n); /* ipv6.c */ void print_unreach6_code(struct buf_pr *bp, uint16_t code); -void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd); -void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd); -void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd); -void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd ); +void print_ip6(struct buf_pr *bp, const struct _ipfw_insn_ip6 *cmd); +void print_flow6id(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd); +void print_icmp6types(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd); +void print_ext6hdr(struct buf_pr *bp, const struct _ipfw_insn *cmd); struct tidx; struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen, Modified: head/sbin/ipfw/ipv6.c ============================================================================== --- head/sbin/ipfw/ipv6.c Mon Jul 13 17:20:20 2020 (r363163) +++ head/sbin/ipfw/ipv6.c Mon Jul 13 17:51:04 2020 (r363164) @@ -85,14 +85,14 @@ print_unreach6_code(struct buf_pr *bp, uint16_t code) * Print the ip address contained in a command. */ void -print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd) +print_ip6(struct buf_pr *bp, const ipfw_insn_ip6 *cmd) { char trad[255]; struct hostent *he = NULL; - struct in6_addr *a = &(cmd->addr6); + const struct in6_addr *a = &(cmd->addr6); int len, mb; - len = F_LEN((ipfw_insn *) cmd) - 1; + len = F_LEN((const ipfw_insn *)cmd) - 1; if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) { bprintf(bp, " me6"); return; @@ -112,10 +112,11 @@ print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd) /* mask length */ mb = (cmd->o.opcode == O_IP6_SRC || cmd->o.opcode == O_IP6_DST) ? 128: - contigmask((uint8_t *)&(a[1]), 128); + contigmask((const uint8_t *)&(a[1]), 128); - if (mb == 128 && co.do_resolv) - he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6); + if (mb == 128 && g_co.do_resolv) + he = gethostbyaddr((const char *)a, sizeof(*a), + AF_INET6); if (he != NULL) /* resolved to name */ bprintf(bp, "%s", he->h_name); @@ -142,7 +143,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cb { uint8_t type; - CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_icmp6)); + CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn_icmp6)); memset(cmd, 0, sizeof(*cmd)); while (*av) { if (*av == ',') @@ -165,7 +166,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cb } void -print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_icmp6types(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { int i, j; char sep= ' '; @@ -181,7 +182,7 @@ print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd } void -print_flow6id(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_flow6id(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { uint16_t i, limit = cmd->o.arg1; char sep = ','; @@ -257,7 +258,7 @@ fill_ext6hdr( ipfw_insn *cmd, char *av) } void -print_ext6hdr(struct buf_pr *bp, ipfw_insn *cmd ) +print_ext6hdr(struct buf_pr *bp, const ipfw_insn *cmd ) { char sep = ' '; @@ -364,7 +365,8 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, stru int masklen; char md = '\0'; - CHECK_LENGTH(cblen, 1 + len + 2 * F_INSN_SIZE(struct in6_addr)); + CHECK_LENGTH(cblen, + 1 + len + 2 * (int)F_INSN_SIZE(struct in6_addr)); if ((q = strchr(av, ',')) ) { *q = '\0'; @@ -453,7 +455,8 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av, int cblen) cmd->d[0] = 0; /* Initializing the base number*/ while (s) { - CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_u32) + nflow + 1); + CHECK_LENGTH(cblen, + (int)F_INSN_SIZE(ipfw_insn_u32) + nflow + 1); av = strsep( &s, ",") ; type = strtoul(av, &av, 0); Modified: head/sbin/ipfw/main.c ============================================================================== --- head/sbin/ipfw/main.c Mon Jul 13 17:20:20 2020 (r363163) +++ head/sbin/ipfw/main.c Mon Jul 13 17:51:04 2020 (r363164) @@ -226,8 +226,8 @@ ipfw_main(int oldac, char **oldav) av[ac] = NULL; /* Set the force flag for non-interactive processes */ - if (!co.do_force) - co.do_force = !isatty(STDIN_FILENO); + if (!g_co.do_force) + g_co.do_force = !isatty(STDIN_FILENO); #ifdef EMULATE_SYSCTL /* sysctl emulation */ if ( ac >= 2 && !strcmp(av[1], "sysctl")) { @@ -269,20 +269,20 @@ ipfw_main(int oldac, char **oldav) break; case 'b': - co.comment_only = 1; - co.do_compact = 1; + g_co.comment_only = 1; + g_co.do_compact = 1; break; case 'c': - co.do_compact = 1; + g_co.do_compact = 1; break; case 'd': - co.do_dynamic = 1; + g_co.do_dynamic = 1; break; case 'D': - co.do_dynamic = 2; + g_co.do_dynamic = 2; break; case 'e': @@ -290,7 +290,7 @@ ipfw_main(int oldac, char **oldav) break; case 'f': *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***