Index: head/sbin/ipfw/Makefile =================================================================== --- head/sbin/ipfw/Makefile +++ head/sbin/ipfw/Makefile @@ -6,7 +6,6 @@ PROG= ipfw SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c tables.c SRCS+= nat64clat.c nat64lsn.c nat64stl.c nptv6.c -WARNS?= 2 .if ${MK_PF} != "no" SRCS+= altq.c @@ -17,3 +16,5 @@ MAN= ipfw.8 .include + +CWARNFLAGS+= -Wno-cast-align Index: head/sbin/ipfw/altq.c =================================================================== --- head/sbin/ipfw/altq.c +++ head/sbin/ipfw/altq.c @@ -140,7 +140,7 @@ } void -print_altq_cmd(struct buf_pr *bp, ipfw_insn_altq *altqptr) +print_altq_cmd(struct buf_pr *bp, const ipfw_insn_altq *altqptr) { if (altqptr) { const char *qname; Index: head/sbin/ipfw/dummynet.c =================================================================== --- head/sbin/ipfw/dummynet.c +++ head/sbin/ipfw/dummynet.c @@ -166,8 +166,8 @@ #define PIE_SCALE (1L<type, oid->id); break; case DN_SCH: { @@ -636,7 +636,7 @@ sprintf(bwbuf, "%7.3f bit/s ", b); if (humanize_number(burst, sizeof(burst), p->burst, - "", HN_AUTOSCALE, 0) < 0 || co.verbose) + "", HN_AUTOSCALE, 0) < 0 || g_co.verbose) sprintf(burst, "%d", (int)p->burst); sprintf(buf, "%05d: %s %4d ms burst %s", p->link_nr % DN_MAX_ID, bwbuf, p->delay, burst); @@ -1317,7 +1317,7 @@ o_next(&buf, sizeof(struct dn_id), DN_CMD_CONFIG); base->id = DN_API_VERSION; - switch (co.do_pipe) { + switch (g_co.do_pipe) { case 1: /* "pipe N config ..." */ /* Allocate space for the WF2Q+ scheduler, its link * and the FIFO flowset. Set the number, but leave @@ -1893,7 +1893,7 @@ } n++; /* translate if 'pipe list' */ - if (co.do_pipe == 1) { + if (g_co.do_pipe == 1) { v[0] += DN_MAX_ID; v[1] += DN_MAX_ID; } @@ -1947,7 +1947,7 @@ if (max_size < sizeof(struct dn_flow)) max_size = sizeof(struct dn_flow); - switch (co.do_pipe) { + switch (g_co.do_pipe) { case 1: oid->subtype = DN_LINK; /* list pipe */ break; Index: head/sbin/ipfw/ipfw2.h =================================================================== --- head/sbin/ipfw/ipfw2.h +++ head/sbin/ipfw/ipfw2.h @@ -51,7 +51,7 @@ int do_sort; /* field to sort results (0 = no) */ /* valid fields are 1 and above */ - int use_set; /* work with specified set number */ + uint32_t use_set; /* work with specified set number */ /* 0 means all sets, otherwise apply to set use_set - 1 */ }; @@ -62,7 +62,7 @@ TIMESTAMP_NUMERIC, }; -extern struct cmdline_opts co; +extern struct cmdline_opts g_co; /* * _s_x is a structure that stores a string <-> token pairs, used in @@ -331,7 +331,7 @@ int pr_u64(struct buf_pr *bp, uint64_t *pd, int width); int bp_alloc(struct buf_pr *b, size_t size); void bp_free(struct buf_pr *b); -int bprintf(struct buf_pr *b, char *format, ...); +int bprintf(struct buf_pr *b, const char *format, ...); /* memory allocation support */ @@ -349,7 +349,7 @@ int get_token(struct _s_x *table, const char *string, const char *errbase); char const *match_value(struct _s_x *p, int value); size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table, - char *delimiter); + const char *delimiter); int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set, uint32_t *clear); void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set); @@ -361,7 +361,7 @@ struct in6_addr; void n2mask(struct in6_addr *mask, int n); -int contigmask(uint8_t *p, int len); +int contigmask(const uint8_t *p, int len); /* * Forward declarations to avoid include way too many headers. @@ -409,7 +409,7 @@ /* altq.c */ void altq_set_enabled(int enabled); u_int32_t altq_name_to_qid(const char *name); -void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr); +void print_altq_cmd(struct buf_pr *bp, const struct _ipfw_insn_altq *altqptr); #else #define NO_ALTQ #endif @@ -421,10 +421,10 @@ /* ipv6.c */ void print_unreach6_code(struct buf_pr *bp, uint16_t code); -void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd); -void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd); -void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd); -void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd ); +void print_ip6(struct buf_pr *bp, const struct _ipfw_insn_ip6 *cmd); +void print_flow6id(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd); +void print_icmp6types(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd); +void print_ext6hdr(struct buf_pr *bp, const struct _ipfw_insn *cmd); struct tidx; struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen, Index: head/sbin/ipfw/ipfw2.c =================================================================== --- head/sbin/ipfw/ipfw2.c +++ head/sbin/ipfw/ipfw2.c @@ -57,7 +57,7 @@ #include #include -struct cmdline_opts co; /* global options */ +struct cmdline_opts g_co; /* global options */ struct format_opts { int bcwidth; @@ -74,7 +74,7 @@ int resvd_set_number = RESVD_SET; -int ipfw_socket = -1; +static int ipfw_socket = -1; #define CHECK_LENGTH(v, len) do { \ if ((v) < (len)) \ @@ -395,8 +395,8 @@ static void ipfw_list_tifaces(void); struct tidx; -static uint16_t pack_object(struct tidx *tstate, char *name, int otype); -static uint16_t pack_table(struct tidx *tstate, char *name); +static uint16_t pack_object(struct tidx *tstate, const char *name, int otype); +static uint16_t pack_table(struct tidx *tstate, const char *name); static char *table_search_ctlv(ipfw_obj_ctlv *ctlv, uint16_t idx); static void object_sort_ctlv(ipfw_obj_ctlv *ctlv); @@ -456,7 +456,7 @@ * Returns number of bytes that should have been printed. */ int -bprintf(struct buf_pr *b, char *format, ...) +bprintf(struct buf_pr *b, const char *format, ...) { va_list args; int i; @@ -466,7 +466,7 @@ i = vsnprintf(b->ptr, b->avail, format, args); va_end(args); - if (i > b->avail || i < 0) { + if (i < 0 || (size_t)i > b->avail) { /* Overflow or print error */ b->avail = 0; } else { @@ -569,7 +569,7 @@ { int i; - if (co.test_only) + if (g_co.test_only) return 0; if (ipfw_socket == -1) @@ -606,7 +606,7 @@ do_set3(int optname, ip_fw3_opheader *op3, size_t optlen) { - if (co.test_only) + if (g_co.test_only) return (0); if (ipfw_socket == -1) @@ -635,7 +635,7 @@ int error; socklen_t len; - if (co.test_only) + if (g_co.test_only) return (0); if (ipfw_socket == -1) @@ -725,7 +725,8 @@ } size_t -concat_tokens(char *buf, size_t bufsize, struct _s_x *table, char *delimiter) +concat_tokens(char *buf, size_t bufsize, struct _s_x *table, + const char *delimiter) { struct _s_x *pt; int l; @@ -788,7 +789,7 @@ set &= ~list[i].x; l = snprintf(buf, sz, "%s%s", comma, list[i].s); - if (l >= sz) + if (l < 0 || (size_t)l >= sz) return; comma = ","; buf += l; @@ -856,13 +857,13 @@ if (proto == IPPROTO_ETHERTYPE) { char const *s; - if (co.do_resolv && (s = match_value(ether_types, port)) ) + if (g_co.do_resolv && (s = match_value(ether_types, port)) ) bprintf(bp, "%s", s); else bprintf(bp, "0x%04x", port); } else { struct servent *se = NULL; - if (co.do_resolv) { + if (g_co.do_resolv) { struct protoent *pe = getprotobynumber(proto); se = getservbyport(htons(port), pe ? pe->p_name : NULL); @@ -893,9 +894,9 @@ * XXX todo: add support for mask. */ static void -print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode) +print_newports(struct buf_pr *bp, const ipfw_insn_u16 *cmd, int proto, int opcode) { - uint16_t *p = cmd->ports; + const uint16_t *p = cmd->ports; int i; char const *sep; @@ -906,7 +907,7 @@ bprintf(bp, " %s", sep); } sep = " "; - for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) { + for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) { bprintf(bp, "%s", sep); print_port(bp, proto, p[0]); if (p[0] != p[1]) { @@ -1134,7 +1135,7 @@ * len is the max length in bits. */ int -contigmask(uint8_t *p, int len) +contigmask(const uint8_t *p, int len) { int i, n; @@ -1152,7 +1153,7 @@ * There is a specialized check for f_tcpflags. */ static void -print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd, +print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd, struct _s_x *list) { char const *comma = ""; @@ -1185,12 +1186,13 @@ * Print the ip address contained in a command. */ static void -print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd) +print_ip(struct buf_pr *bp, const struct format_opts *fo, + const ipfw_insn_ip *cmd) { struct hostent *he = NULL; - struct in_addr *ia; - uint32_t len = F_LEN((ipfw_insn *)cmd); - uint32_t *a = ((ipfw_insn_u32 *)cmd)->d; + const struct in_addr *ia; + const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d; + uint32_t len = F_LEN((const ipfw_insn *)cmd); char *t; bprintf(bp, " "); @@ -1200,7 +1202,8 @@ if (d < sizeof(lookup_key)/sizeof(lookup_key[0])) arg = match_value(rule_options, lookup_key[d]); - t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1); + t = table_search_ctlv(fo->tstate, + ((const ipfw_insn *)cmd)->arg1); bprintf(bp, "lookup %s %s", arg, t); return; } @@ -1210,7 +1213,8 @@ } if (cmd->o.opcode == O_IP_SRC_LOOKUP || cmd->o.opcode == O_IP_DST_LOOKUP) { - t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1); + t = table_search_ctlv(fo->tstate, + ((const ipfw_insn *)cmd)->arg1); bprintf(bp, "table(%s", t); if (len == F_INSN_SIZE(ipfw_insn_u32)) bprintf(bp, ",%u", *a); @@ -1218,16 +1222,18 @@ return; } if (cmd->o.opcode == O_IP_SRC_SET || cmd->o.opcode == O_IP_DST_SET) { - uint32_t x, *map = (uint32_t *)&(cmd->mask); + const uint32_t *map = (const uint32_t *)&cmd->mask; + struct in_addr addr; + uint32_t x; int i, j; char comma = '{'; x = cmd->o.arg1 - 1; - x = htonl( ~x ); - cmd->addr.s_addr = htonl(cmd->addr.s_addr); - bprintf(bp, "%s/%d", inet_ntoa(cmd->addr), - contigmask((uint8_t *)&x, 32)); - x = cmd->addr.s_addr = htonl(cmd->addr.s_addr); + x = htonl(~x); + addr.s_addr = htonl(cmd->addr.s_addr); + bprintf(bp, "%s/%d", inet_ntoa(addr), + contigmask((uint8_t *)&x, 32)); + x = cmd->addr.s_addr; x &= 0xff; /* base */ /* * Print bits and ranges. @@ -1258,19 +1264,19 @@ for (len = len / 2; len > 0; len--, a += 2) { int mb = /* mask length */ (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ? - 32 : contigmask((uint8_t *)&(a[1]), 32); - if (mb == 32 && co.do_resolv) - he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t), + 32 : contigmask((const uint8_t *)&(a[1]), 32); + if (mb == 32 && g_co.do_resolv) + he = gethostbyaddr((const char *)&(a[0]), sizeof(in_addr_t), AF_INET); if (he != NULL) /* resolved to name */ bprintf(bp, "%s", he->h_name); else if (mb == 0) /* any */ bprintf(bp, "any"); else { /* numeric IP followed by some kind of mask */ - ia = (struct in_addr *)&a[0]; + ia = (const struct in_addr *)&a[0]; bprintf(bp, "%s", inet_ntoa(*ia)); if (mb < 0) { - ia = (struct in_addr *)&a[1]; + ia = (const struct in_addr *)&a[1]; bprintf(bp, ":%s", inet_ntoa(*ia)); } else if (mb < 32) bprintf(bp, "/%d", mb); @@ -1284,7 +1290,7 @@ * prints a MAC address/mask pair */ static void -format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask) +format_mac(struct buf_pr *bp, const uint8_t *addr, const uint8_t *mask) { int l = contigmask(mask, 48); @@ -1303,7 +1309,7 @@ } static void -print_mac(struct buf_pr *bp, ipfw_insn_mac *mac) +print_mac(struct buf_pr *bp, const ipfw_insn_mac *mac) { bprintf(bp, " MAC"); @@ -1336,7 +1342,7 @@ } static void -print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_icmptypes(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { int i; char sep= ' '; @@ -1351,12 +1357,12 @@ } static void -print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_dscp(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { + const uint32_t *v; + const char *code; int i = 0; - uint32_t *v; char sep= ' '; - const char *code; bprintf(bp, " dscp"); v = cmd->d; @@ -1374,7 +1380,7 @@ } } -#define insntod(cmd, type) ((ipfw_insn_ ## type *)(cmd)) +#define insntod(cmd, type) ((const ipfw_insn_ ## type *)(cmd)) struct show_state { struct ip_fw_rule *rule; const ipfw_insn *eaction; @@ -1443,7 +1449,7 @@ static int print_instruction(struct buf_pr *bp, const struct format_opts *fo, - struct show_state *state, ipfw_insn *cmd) + struct show_state *state, const ipfw_insn *cmd) { struct protoent *pe; struct passwd *pwd; @@ -1685,7 +1691,7 @@ bprintf(bp, " ipsec"); break; case O_NOP: - bprintf(bp, " // %s", (char *)(cmd + 1)); + bprintf(bp, " // %s", (const char *)(cmd + 1)); break; case O_KEEP_STATE: if (state->flags & HAVE_PROBE_STATE) @@ -1777,8 +1783,8 @@ print_fwd(struct buf_pr *bp, const ipfw_insn *cmd) { char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2]; - ipfw_insn_sa6 *sa6; - ipfw_insn_sa *sa; + const ipfw_insn_sa6 *sa6; + const ipfw_insn_sa *sa; uint16_t port; if (cmd->opcode == O_FORWARD_IP) { @@ -2056,7 +2062,7 @@ static int match_opcode(int opcode, const int opcodes[], size_t nops) { - int i; + size_t i; for (i = 0; i < nops; i++) if (opcode == opcodes[i]) @@ -2138,10 +2144,10 @@ show_static_rule(struct cmdline_opts *co, struct format_opts *fo, struct buf_pr *bp, struct ip_fw_rule *rule, struct ip_fw_bcounter *cntr) { + static int twidth = 0; struct show_state state; ipfw_insn *cmd; - static int twidth = 0; - int i; + size_t i; /* Print # DISABLED or skip the rule */ if ((fo->set_mask & (1 << rule->set)) == 0) { @@ -2361,7 +2367,7 @@ ipfw_sets_handler(char *av[]) { ipfw_range_tlv rt; - char *msg; + const char *msg; size_t size; uint32_t masks[2]; int i; @@ -2378,7 +2384,7 @@ ipfw_cfg_lheader *cfg; memset(&fo, 0, sizeof(fo)); - if (ipfw_get_config(&co, &fo, &cfg, &size) != 0) + if (ipfw_get_config(&g_co, &fo, &cfg, &size) != 0) err(EX_OSERR, "requesting config failed"); for (i = 0, msg = "disable"; i < RESVD_SET; i++) @@ -2507,7 +2513,7 @@ static void prepare_format_dyn(struct cmdline_opts *co, struct format_opts *fo, - void *arg, void *_state) + void *arg __unused, void *_state) { ipfw_dyn_rule *d; int width; @@ -2701,11 +2707,11 @@ uint32_t rnum; char *endptr; - if (co.test_only) { + if (g_co.test_only) { fprintf(stderr, "Testing only, list disabled\n"); return; } - if (co.do_pipe) { + if (g_co.do_pipe) { dummynet_list(ac, av, show_counters); return; } @@ -2731,17 +2737,17 @@ /* get configuraion from kernel */ cfg = NULL; sfo.show_counters = show_counters; - sfo.show_time = co.do_time; - if (co.do_dynamic != 2) + sfo.show_time = g_co.do_time; + if (g_co.do_dynamic != 2) sfo.flags |= IPFW_CFG_GET_STATIC; - if (co.do_dynamic != 0) + if (g_co.do_dynamic != 0) sfo.flags |= IPFW_CFG_GET_STATES; if ((sfo.show_counters | sfo.show_time) != 0) sfo.flags |= IPFW_CFG_GET_COUNTERS; - if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0) + if (ipfw_get_config(&g_co, &sfo, &cfg, &sz) != 0) err(EX_OSERR, "retrieving config failed"); - error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av); + error = ipfw_show_config(&g_co, &sfo, cfg, sz, ac, av); free(cfg); @@ -2974,7 +2980,8 @@ return (0); } -static char *default_state_name = "default"; +static const char *default_state_name = "default"; + static int state_check_name(const char *name) { @@ -3000,10 +3007,10 @@ } static uint16_t -pack_object(struct tidx *tstate, char *name, int otype) +pack_object(struct tidx *tstate, const char *name, int otype) { - int i; ipfw_obj_ntlv *ntlv; + uint32_t i; for (i = 0; i < tstate->count; i++) { if (strcmp(tstate->idx[i].name, name) != 0) @@ -3037,7 +3044,7 @@ } static uint16_t -pack_table(struct tidx *tstate, char *name) +pack_table(struct tidx *tstate, const char *name) { if (table_check_name(name) != 0) @@ -3116,7 +3123,7 @@ int masklen; char md, nd = '\0'; - CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn) + 2 + len); + CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn) + 2 + len); if (p) { md = *p; @@ -3314,7 +3321,7 @@ /* Do not allow using the following syntax: * ipfw set N delete set M */ - if (co.use_set) + if (g_co.use_set) errx(EX_DATAERR, "invalid syntax"); do_set = 1; /* delete set */ av++; @@ -3327,10 +3334,10 @@ if (*sep== '-') j = strtol(sep + 1, NULL, 10); av++; - if (co.do_nat) { + if (g_co.do_nat) { exitval = ipfw_delete_nat(i); - } else if (co.do_pipe) { - exitval = ipfw_delete_pipe(co.do_pipe, i); + } else if (g_co.do_pipe) { + exitval = ipfw_delete_pipe(g_co.do_pipe, i); } else { memset(&rt, 0, sizeof(rt)); if (do_set != 0) { @@ -3343,24 +3350,24 @@ rt.flags |= IPFW_RCFLAG_ALL; else rt.flags |= IPFW_RCFLAG_RANGE; - if (co.use_set != 0) { - rt.set = co.use_set - 1; + if (g_co.use_set != 0) { + rt.set = g_co.use_set - 1; rt.flags |= IPFW_RCFLAG_SET; } } - if (co.do_dynamic == 2) + if (g_co.do_dynamic == 2) rt.flags |= IPFW_RCFLAG_DYNAMIC; i = do_range_cmd(IP_FW_XDEL, &rt); if (i != 0) { exitval = EX_UNAVAILABLE; - if (co.do_quiet) + if (g_co.do_quiet) continue; warn("rule %u: setsockopt(IP_FW_XDEL)", rt.start_rule); } else if (rt.new_set == 0 && do_set == 0 && - co.do_dynamic != 2) { + g_co.do_dynamic != 2) { exitval = EX_UNAVAILABLE; - if (co.do_quiet) + if (g_co.do_quiet) continue; if (rt.start_rule != rt.end_rule) warnx("no rules rules in %u-%u range", @@ -3371,7 +3378,7 @@ } } } - if (exitval != EX_OK && co.do_force == 0) + if (exitval != EX_OK && g_co.do_force == 0) exit(exitval); } @@ -3696,7 +3703,7 @@ struct in6_addr a; char *host, *ch, buf[INET6_ADDRSTRLEN]; ipfw_insn *ret = NULL; - int len; + size_t len; /* Copy first address in set if needed */ if ((ch = strpbrk(av, "/,")) != NULL) { @@ -3727,7 +3734,7 @@ struct in6_addr a; char *host, *ch, buf[INET6_ADDRSTRLEN]; ipfw_insn *ret = NULL; - int len; + size_t len; /* Copy first address in set if needed */ if ((ch = strpbrk(av, "/,")) != NULL) { @@ -3764,7 +3771,7 @@ * various match patterns, log/altq actions, and the actual action. * */ -void +static void compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate) { /* @@ -4250,7 +4257,7 @@ len = sizeof(c->max_log); if (sysctlbyname("net.inet.ip.fw.verbose_limit", &c->max_log, &len, NULL, 0) == -1) { - if (co.test_only) { + if (g_co.test_only) { c->max_log = 0; break; } @@ -5138,10 +5145,10 @@ static int compare_ntlv(const void *_a, const void *_b) { - ipfw_obj_ntlv *a, *b; + const ipfw_obj_ntlv *a, *b; - a = (ipfw_obj_ntlv *)_a; - b = (ipfw_obj_ntlv *)_b; + a = (const ipfw_obj_ntlv *)_a; + b = (const ipfw_obj_ntlv *)_b; if (a->set < b->set) return (-1); @@ -5178,11 +5185,11 @@ static int compare_object_kntlv(const void *k, const void *v) { - ipfw_obj_ntlv *ntlv; + const ipfw_obj_ntlv *ntlv; struct object_kt key; - key = *((struct object_kt *)k); - ntlv = (ipfw_obj_ntlv *)v; + key = *((const struct object_kt *)k); + ntlv = (const ipfw_obj_ntlv *)v; if (key.uidx < ntlv->idx) return (-1); @@ -5318,14 +5325,14 @@ if (do_get3(IP_FW_XADD, op3, &sz) != 0) err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_XADD"); - if (!co.do_quiet) { + if (!g_co.do_quiet) { struct format_opts sfo; struct buf_pr bp; memset(&sfo, 0, sizeof(sfo)); sfo.tstate = tstate; sfo.set_mask = (uint32_t)(-1); bp_alloc(&bp, 4096); - show_static_rule(&co, &sfo, &bp, rule, NULL); + show_static_rule(&g_co, &sfo, &bp, rule, NULL); printf("%s", bp.buf); bp_free(&bp); } @@ -5361,7 +5368,7 @@ rt.flags = IPFW_RCFLAG_ALL; if (do_range_cmd(optname, &rt) < 0) err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name); - if (!co.do_quiet) + if (!g_co.do_quiet) printf("%s.\n", optname == IP_FW_XZERO ? "Accounting cleared":"Logging counts reset"); @@ -5379,8 +5386,8 @@ rt.start_rule = arg; rt.end_rule = arg; rt.flags |= IPFW_RCFLAG_RANGE; - if (co.use_set != 0) { - rt.set = co.use_set - 1; + if (g_co.use_set != 0) { + rt.set = g_co.use_set - 1; rt.flags |= IPFW_RCFLAG_SET; } if (do_range_cmd(optname, &rt) != 0) { @@ -5390,7 +5397,7 @@ } else if (rt.new_set == 0) { printf("Entry %d not found\n", arg); failed = EX_UNAVAILABLE; - } else if (!co.do_quiet) + } else if (!g_co.do_quiet) printf("Entry %d %s.\n", arg, optname == IP_FW_XZERO ? "cleared" : "logging count reset"); @@ -5408,7 +5415,7 @@ { ipfw_range_tlv rt; - if (!force && !co.do_quiet) { /* need to ask user */ + if (!force && !g_co.do_quiet) { /* need to ask user */ int c; printf("Are you sure? [yn] "); @@ -5423,21 +5430,21 @@ if (c == 'N') /* user said no */ return; } - if (co.do_pipe) { + if (g_co.do_pipe) { dummynet_flush(); return; } /* `ipfw set N flush` - is the same that `ipfw delete set N` */ memset(&rt, 0, sizeof(rt)); - if (co.use_set != 0) { - rt.set = co.use_set - 1; + if (g_co.use_set != 0) { + rt.set = g_co.use_set - 1; rt.flags = IPFW_RCFLAG_SET; } else rt.flags = IPFW_RCFLAG_ALL; if (do_range_cmd(IP_FW_XDEL, &rt) != 0) err(EX_UNAVAILABLE, "setsockopt(IP_FW_XDEL)"); - if (!co.do_quiet) - printf("Flushed all %s.\n", co.do_pipe ? "pipes" : "rules"); + if (!g_co.do_quiet) + printf("Flushed all %s.\n", g_co.do_pipe ? "pipes" : "rules"); } static struct _s_x intcmds[] = { @@ -5473,13 +5480,13 @@ } static void -ipfw_list_objects(int ac, char *av[]) +ipfw_list_objects(int ac __unused, char *av[] __unused) { ipfw_obj_lheader req, *olh; ipfw_obj_ntlv *ntlv; const char *name; size_t sz; - int i; + uint32_t i; memset(&req, 0, sizeof(req)); sz = sizeof(req); @@ -5577,10 +5584,10 @@ static int ifinfo_cmp(const void *a, const void *b) { - ipfw_iface_info *ia, *ib; + const ipfw_iface_info *ia, *ib; - ia = (ipfw_iface_info *)a; - ib = (ipfw_iface_info *)b; + ia = (const ipfw_iface_info *)a; + ib = (const ipfw_iface_info *)b; return (stringnum_cmp(ia->ifname, ib->ifname)); } @@ -5591,11 +5598,12 @@ * Returns 0 on success. */ static void -ipfw_list_tifaces() +ipfw_list_tifaces(void) { ipfw_obj_lheader *olh; ipfw_iface_info *info; - int i, error; + uint32_t i; + int error; if ((error = ipfw_get_tracked_ifaces(&olh)) != 0) err(EX_OSERR, "Unable to request ipfw tracked interface list"); Index: head/sbin/ipfw/ipv6.c =================================================================== --- head/sbin/ipfw/ipv6.c +++ head/sbin/ipfw/ipv6.c @@ -85,14 +85,14 @@ * Print the ip address contained in a command. */ void -print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd) +print_ip6(struct buf_pr *bp, const ipfw_insn_ip6 *cmd) { char trad[255]; struct hostent *he = NULL; - struct in6_addr *a = &(cmd->addr6); + const struct in6_addr *a = &(cmd->addr6); int len, mb; - len = F_LEN((ipfw_insn *) cmd) - 1; + len = F_LEN((const ipfw_insn *)cmd) - 1; if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) { bprintf(bp, " me6"); return; @@ -112,10 +112,11 @@ /* mask length */ mb = (cmd->o.opcode == O_IP6_SRC || cmd->o.opcode == O_IP6_DST) ? 128: - contigmask((uint8_t *)&(a[1]), 128); + contigmask((const uint8_t *)&(a[1]), 128); - if (mb == 128 && co.do_resolv) - he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6); + if (mb == 128 && g_co.do_resolv) + he = gethostbyaddr((const char *)a, sizeof(*a), + AF_INET6); if (he != NULL) /* resolved to name */ bprintf(bp, "%s", he->h_name); @@ -142,7 +143,7 @@ { uint8_t type; - CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_icmp6)); + CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn_icmp6)); memset(cmd, 0, sizeof(*cmd)); while (*av) { if (*av == ',') @@ -165,7 +166,7 @@ } void -print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_icmp6types(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { int i, j; char sep= ' '; @@ -181,7 +182,7 @@ } void -print_flow6id(struct buf_pr *bp, ipfw_insn_u32 *cmd) +print_flow6id(struct buf_pr *bp, const ipfw_insn_u32 *cmd) { uint16_t i, limit = cmd->o.arg1; char sep = ','; @@ -257,7 +258,7 @@ } void -print_ext6hdr(struct buf_pr *bp, ipfw_insn *cmd ) +print_ext6hdr(struct buf_pr *bp, const ipfw_insn *cmd ) { char sep = ' '; @@ -364,7 +365,8 @@ int masklen; char md = '\0'; - CHECK_LENGTH(cblen, 1 + len + 2 * F_INSN_SIZE(struct in6_addr)); + CHECK_LENGTH(cblen, + 1 + len + 2 * (int)F_INSN_SIZE(struct in6_addr)); if ((q = strchr(av, ',')) ) { *q = '\0'; @@ -453,7 +455,8 @@ cmd->d[0] = 0; /* Initializing the base number*/ while (s) { - CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_u32) + nflow + 1); + CHECK_LENGTH(cblen, + (int)F_INSN_SIZE(ipfw_insn_u32) + nflow + 1); av = strsep( &s, ",") ; type = strtoul(av, &av, 0); Index: head/sbin/ipfw/main.c =================================================================== --- head/sbin/ipfw/main.c +++ head/sbin/ipfw/main.c @@ -226,8 +226,8 @@ av[ac] = NULL; /* Set the force flag for non-interactive processes */ - if (!co.do_force) - co.do_force = !isatty(STDIN_FILENO); + if (!g_co.do_force) + g_co.do_force = !isatty(STDIN_FILENO); #ifdef EMULATE_SYSCTL /* sysctl emulation */ if ( ac >= 2 && !strcmp(av[1], "sysctl")) { @@ -269,20 +269,20 @@ break; case 'b': - co.comment_only = 1; - co.do_compact = 1; + g_co.comment_only = 1; + g_co.do_compact = 1; break; case 'c': - co.do_compact = 1; + g_co.do_compact = 1; break; case 'd': - co.do_dynamic = 1; + g_co.do_dynamic = 1; break; case 'D': - co.do_dynamic = 2; + g_co.do_dynamic = 2; break; case 'e': @@ -290,7 +290,7 @@ break; case 'f': - co.do_force = 1; + g_co.do_force = 1; break; case 'h': /* help */ @@ -299,15 +299,15 @@ break; /* NOTREACHED */ case 'i': - co.do_value_as_ip = 1; + g_co.do_value_as_ip = 1; break; case 'n': - co.test_only = 1; + g_co.test_only = 1; break; case 'N': - co.do_resolv = 1; + g_co.do_resolv = 1; break; case 'p': @@ -316,27 +316,27 @@ /* NOTREACHED */ case 'q': - co.do_quiet = 1; + g_co.do_quiet = 1; break; case 's': /* sort */ - co.do_sort = atoi(optarg); + g_co.do_sort = atoi(optarg); break; case 'S': - co.show_sets = 1; + g_co.show_sets = 1; break; case 't': - co.do_time = TIMESTAMP_STRING; + g_co.do_time = TIMESTAMP_STRING; break; case 'T': - co.do_time = TIMESTAMP_NUMERIC; + g_co.do_time = TIMESTAMP_NUMERIC; break; case 'v': /* verbose */ - co.verbose = 1; + g_co.verbose = 1; break; default: @@ -363,31 +363,31 @@ /* * Optional: pipe, queue or nat. */ - co.do_nat = 0; - co.do_pipe = 0; - co.use_set = 0; + g_co.do_nat = 0; + g_co.do_pipe = 0; + g_co.use_set = 0; if (!strncmp(*av, "nat", strlen(*av))) - co.do_nat = 1; - else if (!strncmp(*av, "pipe", strlen(*av))) - co.do_pipe = 1; + g_co.do_nat = 1; + else if (!strncmp(*av, "pipe", strlen(*av))) + g_co.do_pipe = 1; else if (_substrcmp(*av, "queue") == 0) - co.do_pipe = 2; + g_co.do_pipe = 2; else if (_substrcmp(*av, "flowset") == 0) - co.do_pipe = 2; + g_co.do_pipe = 2; else if (_substrcmp(*av, "sched") == 0) - co.do_pipe = 3; + g_co.do_pipe = 3; else if (!strncmp(*av, "set", strlen(*av))) { if (ac > 1 && isdigit(av[1][0])) { - co.use_set = strtonum(av[1], 0, resvd_set_number, + g_co.use_set = strtonum(av[1], 0, resvd_set_number, &errstr); if (errstr) errx(EX_DATAERR, "invalid set number %s\n", av[1]); - ac -= 2; av += 2; co.use_set++; + ac -= 2; av += 2; g_co.use_set++; } } - if (co.do_pipe || co.do_nat) { + if (g_co.do_pipe || g_co.do_nat) { ac--; av++; } @@ -398,21 +398,21 @@ * but the code is easier to parse as 'nat|pipe config NN' * so we swap the two arguments. */ - if ((co.do_pipe || co.do_nat) && ac > 1 && isdigit(*av[0])) { + if ((g_co.do_pipe || g_co.do_nat) && ac > 1 && isdigit(*av[0])) { char *p = av[0]; av[0] = av[1]; av[1] = p; } - if (co.use_set == 0) { + if (g_co.use_set == 0) { if (_substrcmp(*av, "add") == 0) ipfw_add(av); - else if (co.do_nat && _substrcmp(*av, "show") == 0) + else if (g_co.do_nat && _substrcmp(*av, "show") == 0) ipfw_show_nat(ac, av); - else if (co.do_pipe && _substrcmp(*av, "config") == 0) + else if (g_co.do_pipe && _substrcmp(*av, "config") == 0) ipfw_config_pipe(ac, av); - else if (co.do_nat && _substrcmp(*av, "config") == 0) + else if (g_co.do_nat && _substrcmp(*av, "config") == 0) ipfw_config_nat(ac, av); else if (_substrcmp(*av, "set") == 0) ipfw_sets_handler(av); @@ -426,7 +426,7 @@ try_next = 1; } - if (co.use_set || try_next) { + if (g_co.use_set || try_next) { if (_substrcmp(*av, "delete") == 0) ipfw_delete(av); else if (!strncmp(*av, "nat64clat", strlen(*av))) @@ -438,7 +438,7 @@ else if (!strncmp(*av, "nptv6", strlen(*av))) ipfw_nptv6_handler(ac, av); else if (_substrcmp(*av, "flush") == 0) - ipfw_flush(co.do_force); + ipfw_flush(g_co.do_force); else if (_substrcmp(*av, "zero") == 0) ipfw_zero(ac, av, 0 /* IP_FW_ZERO */); else if (_substrcmp(*av, "resetlog") == 0) @@ -477,19 +477,19 @@ while ((c = getopt(ac, av, "cfNnp:qS")) != -1) { switch(c) { case 'c': - co.do_compact = 1; + g_co.do_compact = 1; break; case 'f': - co.do_force = 1; + g_co.do_force = 1; break; case 'N': - co.do_resolv = 1; + g_co.do_resolv = 1; break; case 'n': - co.test_only = 1; + g_co.test_only = 1; break; case 'p': @@ -518,11 +518,11 @@ break; case 'q': - co.do_quiet = 1; + g_co.do_quiet = 1; break; case 'S': - co.show_sets = 1; + g_co.show_sets = 1; break; default: Index: head/sbin/ipfw/nat.c =================================================================== --- head/sbin/ipfw/nat.c +++ head/sbin/ipfw/nat.c @@ -117,7 +117,7 @@ ifm = (struct if_msghdr *)next; next += ifm->ifm_msglen; if (ifm->ifm_version != RTM_VERSION) { - if (co.verbose) + if (g_co.verbose) warnx("routing message version %d " "not understood", ifm->ifm_version); continue; @@ -141,7 +141,7 @@ ifam = (struct ifa_msghdr *)next; next += ifam->ifam_msglen; if (ifam->ifam_version != RTM_VERSION) { - if (co.verbose) + if (g_co.verbose) warnx("routing message version %d " "not understood", ifam->ifam_version); continue; @@ -623,7 +623,7 @@ } static void -nat_show_log(struct nat44_cfg_nat *n, void *arg) +nat_show_log(struct nat44_cfg_nat *n, void *arg __unused) { char *buf; @@ -633,13 +633,14 @@ } static void -nat_show_cfg(struct nat44_cfg_nat *n, void *arg) +nat_show_cfg(struct nat44_cfg_nat *n, void *arg __unused) { - int i, cnt, off; struct nat44_cfg_redir *t; struct nat44_cfg_spool *s; caddr_t buf; struct protoent *p; + uint32_t cnt; + int i, off; buf = (caddr_t)n; off = sizeof(*n); @@ -931,7 +932,7 @@ if (i != 0) err(1, "setsockopt(%s)", "IP_FW_NAT44_XCONFIG"); - if (!co.do_quiet) { + if (!g_co.do_quiet) { /* After every modification, we show the resultant rule. */ int _ac = 3; const char *_av[] = {"show", "config", id}; @@ -960,7 +961,7 @@ nat_fill_ntlv(&oh.ntlv, i); ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh)); if (ret == -1) { - if (!co.do_quiet) + if (!g_co.do_quiet) warn("nat %u not available", i); return (EX_UNAVAILABLE); } @@ -1012,10 +1013,10 @@ static int natname_cmp(const void *a, const void *b) { - struct nat44_cfg_nat *ia, *ib; + const struct nat44_cfg_nat *ia, *ib; - ia = (struct nat44_cfg_nat *)a; - ib = (struct nat44_cfg_nat *)b; + ia = (const struct nat44_cfg_nat *)a; + ib = (const struct nat44_cfg_nat *)b; return (stringnum_cmp(ia->name, ib->name)); } @@ -1031,7 +1032,8 @@ ipfw_obj_lheader *olh; struct nat44_cfg_nat *cfg; size_t sz; - int i, error; + uint32_t i; + int error; /* Start with reasonable default */ sz = sizeof(*olh) + 16 * sizeof(struct nat44_cfg_nat); @@ -1110,7 +1112,7 @@ ac--; av++; - if (co.test_only) + if (g_co.test_only) return; /* Parse parameters. */ Index: head/sbin/ipfw/nat64clat.c =================================================================== --- head/sbin/ipfw/nat64clat.c +++ head/sbin/ipfw/nat64clat.c @@ -96,8 +96,8 @@ int tcmd; uint8_t set; - if (co.use_set != 0) - set = co.use_set - 1; + if (g_co.use_set != 0) + set = g_co.use_set - 1; else set = 0; ac--; av++; @@ -389,7 +389,7 @@ if (nat64clat_get_stats(name, set, &stats) != 0) err(EX_OSERR, "Error retrieving stats"); - if (co.use_set != 0 || set != 0) + if (g_co.use_set != 0 || set != 0) printf("set %u ", set); printf("nat64clat %s\n", name); @@ -438,10 +438,10 @@ if (name != NULL && strcmp(cfg->name, name) != 0) return (ESRCH); - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); - if (co.use_set != 0 || cfg->set != 0) + if (g_co.use_set != 0 || cfg->set != 0) printf("set %u ", cfg->set); inet_ntop(AF_INET6, &cfg->clat_prefix, clat_buf, sizeof(clat_buf)); @@ -457,10 +457,11 @@ } static int -nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set) +nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name __unused, + uint8_t set) { - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); nat64clat_destroy(cfg->name, cfg->set); @@ -475,10 +476,10 @@ static int nat64name_cmp(const void *a, const void *b) { - ipfw_nat64clat_cfg *ca, *cb; + const ipfw_nat64clat_cfg *ca, *cb; - ca = (ipfw_nat64clat_cfg *)a; - cb = (ipfw_nat64clat_cfg *)b; + ca = (const ipfw_nat64clat_cfg *)a; + cb = (const ipfw_nat64clat_cfg *)b; if (ca->set > cb->set) return (1); @@ -500,7 +501,8 @@ ipfw_obj_lheader *olh; ipfw_nat64clat_cfg *cfg; size_t sz; - int i, error; + uint32_t i; + int error; /* Start with reasonable default */ sz = sizeof(*olh) + 16 * sizeof(*cfg); Index: head/sbin/ipfw/nat64lsn.c =================================================================== --- head/sbin/ipfw/nat64lsn.c +++ head/sbin/ipfw/nat64lsn.c @@ -84,13 +84,15 @@ nat64lsn_print_states(void *buf) { char s[INET6_ADDRSTRLEN], a[INET_ADDRSTRLEN], f[INET_ADDRSTRLEN]; - char sflags[4], *sf, *proto; + const char *proto; + char sflags[4], *sf; ipfw_obj_header *oh; ipfw_obj_data *od; ipfw_nat64lsn_stg_v1 *stg; ipfw_nat64lsn_state_v1 *ste; uint64_t next_idx; - int i, sz; + uint32_t i; + int sz; oh = (ipfw_obj_header *)buf; od = (ipfw_obj_data *)(oh + 1); @@ -256,8 +258,8 @@ int tcmd; uint8_t set; - if (co.use_set != 0) - set = co.use_set - 1; + if (g_co.use_set != 0) + set = g_co.use_set - 1; else set = 0; ac--; av++; @@ -704,7 +706,7 @@ if (nat64lsn_get_stats(name, set, &stats) != 0) err(EX_OSERR, "Error retrieving stats"); - if (co.use_set != 0 || set != 0) + if (g_co.use_set != 0 || set != 0) printf("set %u ", set); printf("nat64lsn %s\n", name); printf("\t%ju packets translated from IPv6 to IPv4\n", @@ -769,32 +771,32 @@ if (name != NULL && strcmp(cfg->name, name) != 0) return (ESRCH); - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); - if (co.use_set != 0 || cfg->set != 0) + if (g_co.use_set != 0 || cfg->set != 0) printf("set %u ", cfg->set); inet_ntop(AF_INET, &cfg->prefix4, abuf, sizeof(abuf)); printf("nat64lsn %s prefix4 %s/%u", cfg->name, abuf, cfg->plen4); inet_ntop(AF_INET6, &cfg->prefix6, abuf, sizeof(abuf)); printf(" prefix6 %s/%u", abuf, cfg->plen6); - if (co.verbose || cfg->states_chunks > 1) + if (g_co.verbose || cfg->states_chunks > 1) printf(" states_chunks %u", cfg->states_chunks); - if (co.verbose || cfg->nh_delete_delay != NAT64LSN_HOST_AGE) + if (g_co.verbose || cfg->nh_delete_delay != NAT64LSN_HOST_AGE) printf(" host_del_age %u", cfg->nh_delete_delay); - if (co.verbose || cfg->pg_delete_delay != NAT64LSN_PG_AGE) + if (g_co.verbose || cfg->pg_delete_delay != NAT64LSN_PG_AGE) printf(" pg_del_age %u", cfg->pg_delete_delay); - if (co.verbose || cfg->st_syn_ttl != NAT64LSN_TCP_SYN_AGE) + if (g_co.verbose || cfg->st_syn_ttl != NAT64LSN_TCP_SYN_AGE) printf(" tcp_syn_age %u", cfg->st_syn_ttl); - if (co.verbose || cfg->st_close_ttl != NAT64LSN_TCP_FIN_AGE) + if (g_co.verbose || cfg->st_close_ttl != NAT64LSN_TCP_FIN_AGE) printf(" tcp_close_age %u", cfg->st_close_ttl); - if (co.verbose || cfg->st_estab_ttl != NAT64LSN_TCP_EST_AGE) + if (g_co.verbose || cfg->st_estab_ttl != NAT64LSN_TCP_EST_AGE) printf(" tcp_est_age %u", cfg->st_estab_ttl); - if (co.verbose || cfg->st_udp_ttl != NAT64LSN_UDP_AGE) + if (g_co.verbose || cfg->st_udp_ttl != NAT64LSN_UDP_AGE) printf(" udp_age %u", cfg->st_udp_ttl); - if (co.verbose || cfg->st_icmp_ttl != NAT64LSN_ICMP_AGE) + if (g_co.verbose || cfg->st_icmp_ttl != NAT64LSN_ICMP_AGE) printf(" icmp_age %u", cfg->st_icmp_ttl); - if (co.verbose || cfg->jmaxlen != NAT64LSN_JMAXLEN) + if (g_co.verbose || cfg->jmaxlen != NAT64LSN_JMAXLEN) printf(" jmaxlen %u", cfg->jmaxlen); if (cfg->flags & NAT64_LOG) printf(" log"); @@ -805,10 +807,11 @@ } static int -nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set) +nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name __unused, + uint8_t set) { - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); nat64lsn_destroy(cfg->name, cfg->set); @@ -823,10 +826,10 @@ static int nat64name_cmp(const void *a, const void *b) { - ipfw_nat64lsn_cfg *ca, *cb; + const ipfw_nat64lsn_cfg *ca, *cb; - ca = (ipfw_nat64lsn_cfg *)a; - cb = (ipfw_nat64lsn_cfg *)b; + ca = (const ipfw_nat64lsn_cfg *)a; + cb = (const ipfw_nat64lsn_cfg *)b; if (ca->set > cb->set) return (1); @@ -848,7 +851,8 @@ ipfw_obj_lheader *olh; ipfw_nat64lsn_cfg *cfg; size_t sz; - int i, error; + uint32_t i; + int error; /* Start with reasonable default */ sz = sizeof(*olh) + 16 * sizeof(ipfw_nat64lsn_cfg); Index: head/sbin/ipfw/nat64stl.c =================================================================== --- head/sbin/ipfw/nat64stl.c +++ head/sbin/ipfw/nat64stl.c @@ -128,8 +128,8 @@ int tcmd; uint8_t set; - if (co.use_set != 0) - set = co.use_set - 1; + if (g_co.use_set != 0) + set = g_co.use_set - 1; else set = 0; ac--; av++; @@ -405,7 +405,7 @@ if (nat64stl_get_stats(name, set, &stats) != 0) err(EX_OSERR, "Error retrieving stats"); - if (co.use_set != 0 || set != 0) + if (g_co.use_set != 0 || set != 0) printf("set %u ", set); printf("nat64stl %s\n", name); @@ -454,10 +454,10 @@ if (name != NULL && strcmp(cfg->name, name) != 0) return (ESRCH); - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); - if (co.use_set != 0 || cfg->set != 0) + if (g_co.use_set != 0 || cfg->set != 0) printf("set %u ", cfg->set); printf("nat64stl %s table4 %s table6 %s", @@ -473,10 +473,11 @@ } static int -nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set) +nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name __unused, + uint8_t set) { - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); nat64stl_destroy(cfg->name, cfg->set); @@ -491,10 +492,10 @@ static int nat64name_cmp(const void *a, const void *b) { - ipfw_nat64stl_cfg *ca, *cb; + const ipfw_nat64stl_cfg *ca, *cb; - ca = (ipfw_nat64stl_cfg *)a; - cb = (ipfw_nat64stl_cfg *)b; + ca = (const ipfw_nat64stl_cfg *)a; + cb = (const ipfw_nat64stl_cfg *)b; if (ca->set > cb->set) return (1); @@ -516,7 +517,8 @@ ipfw_obj_lheader *olh; ipfw_nat64stl_cfg *cfg; size_t sz; - int i, error; + uint32_t i; + int error; /* Start with reasonable default */ sz = sizeof(*olh) + 16 * sizeof(*cfg); Index: head/sbin/ipfw/nptv6.c =================================================================== --- head/sbin/ipfw/nptv6.c +++ head/sbin/ipfw/nptv6.c @@ -89,8 +89,8 @@ int tcmd; uint8_t set; - if (co.use_set != 0) - set = co.use_set - 1; + if (g_co.use_set != 0) + set = g_co.use_set - 1; else set = 0; ac--; av++; @@ -193,7 +193,7 @@ ipfw_nptv6_cfg *cfg; ipfw_obj_lheader *olh; int tcmd, flags, plen; - char *p = "\0"; + char *p; plen = 0; memset(buf, 0, sizeof(buf)); @@ -326,7 +326,7 @@ if (nptv6_get_stats(name, set, &stats) != 0) err(EX_OSERR, "Error retrieving stats"); - if (co.use_set != 0 || set != 0) + if (g_co.use_set != 0 || set != 0) printf("set %u ", set); printf("nptv6 %s\n", name); printf("\t%ju packets translated (internal to external)\n", @@ -360,10 +360,10 @@ if (name != NULL && strcmp(cfg->name, name) != 0) return (ESRCH); - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); - if (co.use_set != 0 || cfg->set != 0) + if (g_co.use_set != 0 || cfg->set != 0) printf("set %u ", cfg->set); inet_ntop(AF_INET6, &cfg->internal, abuf, sizeof(abuf)); printf("nptv6 %s int_prefix %s ", cfg->name, abuf); @@ -378,10 +378,10 @@ } static int -nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set) +nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name __unused, uint8_t set) { - if (co.use_set != 0 && cfg->set != set) + if (g_co.use_set != 0 && cfg->set != set) return (ESRCH); nptv6_destroy(cfg->name, cfg->set); @@ -396,10 +396,10 @@ static int nptv6name_cmp(const void *a, const void *b) { - ipfw_nptv6_cfg *ca, *cb; + const ipfw_nptv6_cfg *ca, *cb; - ca = (ipfw_nptv6_cfg *)a; - cb = (ipfw_nptv6_cfg *)b; + ca = (const ipfw_nptv6_cfg *)a; + cb = (const ipfw_nptv6_cfg *)b; if (ca->set > cb->set) return (1); @@ -419,7 +419,8 @@ ipfw_obj_lheader *olh; ipfw_nptv6_cfg *cfg; size_t sz; - int i, error; + uint32_t i; + int error; /* Start with reasonable default */ sz = sizeof(*olh) + 16 * sizeof(*cfg); Index: head/sbin/ipfw/tables.c =================================================================== --- head/sbin/ipfw/tables.c +++ head/sbin/ipfw/tables.c @@ -159,8 +159,8 @@ memset(&oh, 0, sizeof(oh)); is_all = 0; - if (co.use_set != 0) - set = co.use_set - 1; + if (g_co.use_set != 0) + set = g_co.use_set - 1; else set = 0; @@ -213,8 +213,8 @@ case TOK_DEL: do_add = **av == 'a'; ac--; av++; - table_modify_record(&oh, ac, av, do_add, co.do_quiet, - co.do_quiet, atomic); + table_modify_record(&oh, ac, av, do_add, g_co.do_quiet, + g_co.do_quiet, atomic); break; case TOK_CREATE: ac--; av++; @@ -232,7 +232,7 @@ err(EX_OSERR, "failed to destroy table %s", tablename); /* ESRCH isn't fatal, warn if not quiet mode */ - if (co.do_quiet == 0) + if (g_co.do_quiet == 0) warn("failed to destroy table %s", tablename); } else { error = tables_foreach(table_destroy_one, &oh, 1); @@ -249,7 +249,7 @@ err(EX_OSERR, "failed to flush table %s info", tablename); /* ESRCH isn't fatal, warn if not quiet mode */ - if (co.do_quiet == 0) + if (g_co.do_quiet == 0) warn("failed to flush table %s info", tablename); } else { @@ -284,7 +284,6 @@ case TOK_LIST: arg = is_all ? (void*)1 : NULL; if (is_all == 0) { - ipfw_xtable_info i; if ((error = table_get_info(&oh, &i)) != 0) err(EX_OSERR, "failed to request table info"); table_show_one(&i, arg); @@ -341,7 +340,7 @@ { NULL, 0 } }; -int +static int table_parse_type(uint8_t ttype, char *p, uint8_t *tflags) { uint32_t fset, fclear; @@ -363,7 +362,7 @@ return (0); } -void +static void table_print_type(char *tbuf, size_t size, uint8_t type, uint8_t tflags) { const char *tname; @@ -614,7 +613,7 @@ oh = (ipfw_obj_header *)arg; table_fill_ntlv(&oh->ntlv, i->tablename, i->set, 1); if (table_destroy(oh) != 0) { - if (co.do_quiet == 0) + if (g_co.do_quiet == 0) warn("failed to destroy table(%s) in set %u", i->tablename, i->set); return (-1); @@ -723,7 +722,7 @@ * Print global/per-AF table @i algorithm info. */ static void -table_show_tainfo(ipfw_xtable_info *i, struct ta_cldata *d, +table_show_tainfo(ipfw_xtable_info *i __unused, struct ta_cldata *d, const char *af, const char *taclass) { @@ -935,10 +934,10 @@ { ipfw_obj_tentry *ptent, tent, *tent_buf; ipfw_xtable_info xi; + const char *etxt, *px, *texterr; uint8_t type; uint32_t vmask; int cmd, count, error, i, ignored; - char *texterr, *etxt, *px; if (ac == 0) errx(EX_USAGE, "address required"); @@ -1434,7 +1433,7 @@ error = 0; if (error == 0) { - if (co.test_only == 0) { + if (g_co.test_only == 0) { /* Table found */ type = xi->type; tflags = xi->tflags; @@ -1494,16 +1493,17 @@ } static void -tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg, - uint8_t type, uint32_t vmask) +tentry_fill_value(ipfw_obj_header *oh __unused, ipfw_obj_tentry *tent, + char *arg, uint8_t type __unused, uint32_t vmask) { struct addrinfo hints, *res; + struct in_addr ipaddr; + const char *etype; + char *comma, *e, *n, *p; uint32_t a4, flag, val; ipfw_table_value *v; uint32_t i; int dval; - char *comma, *e, *etype, *n, *p; - struct in_addr ipaddr; v = &tent->v.value; @@ -1535,7 +1535,7 @@ n = arg; etype = NULL; - for (i = 1; i < (1 << 31); i *= 2) { + for (i = 1; i < (1u << 31); i *= 2) { if ((flag = (vmask & i)) == 0) continue; vmask &= ~flag; @@ -1649,10 +1649,10 @@ static int tablename_cmp(const void *a, const void *b) { - ipfw_xtable_info *ia, *ib; + const ipfw_xtable_info *ia, *ib; - ia = (ipfw_xtable_info *)a; - ib = (ipfw_xtable_info *)b; + ia = (const ipfw_xtable_info *)a; + ib = (const ipfw_xtable_info *)b; return (stringnum_cmp(ia->tablename, ib->tablename)); } @@ -1668,7 +1668,8 @@ ipfw_obj_lheader *olh; ipfw_xtable_info *info; size_t sz; - int i, error; + uint32_t i; + int error; /* Start with reasonable default */ sz = sizeof(*olh) + 16 * sizeof(ipfw_xtable_info); @@ -1692,7 +1693,7 @@ info = (ipfw_xtable_info *)(olh + 1); for (i = 0; i < olh->count; i++) { - if (co.use_set == 0 || info->set == co.use_set - 1) + if (g_co.use_set == 0 || info->set == g_co.use_set - 1) error = f(info, arg); info = (ipfw_xtable_info *)((caddr_t)info + olh->objsize); @@ -1791,7 +1792,7 @@ return; } - for (i = 1; i < (1 << 31); i *= 2) { + for (i = 1; i < (1u << 31); i *= 2) { if ((flag = (vmask & i)) == 0) continue; l = 0; @@ -1853,12 +1854,13 @@ static void table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent) { - char *comma, tbuf[128], pval[128]; + char tbuf[128], pval[128]; + const char *comma; void *paddr; struct tflow_entry *tfe; table_show_value(pval, sizeof(pval), &tent->v.value, i->vmask, - co.do_value_as_ip); + g_co.do_value_as_ip); switch (i->type) { case IPFW_TABLE_ADDR: @@ -1961,12 +1963,13 @@ } void -ipfw_list_ta(int ac, char *av[]) +ipfw_list_ta(int ac __unused, char *av[] __unused) { ipfw_obj_lheader *olh; ipfw_ta_info *info; - int error, i; const char *atype; + uint32_t i; + int error; error = table_do_get_algolist(&olh); if (error != 0) @@ -2006,13 +2009,13 @@ uint64_t refcnt; /* Number of references */ }; -int +static int compare_values(const void *_a, const void *_b) { - struct _table_value *a, *b; + const struct _table_value *a, *b; - a = (struct _table_value *)_a; - b = (struct _table_value *)_b; + a = (const struct _table_value *)_a; + b = (const struct _table_value *)_b; if (a->spare1 < b->spare1) return (-1); @@ -2023,13 +2026,13 @@ } void -ipfw_list_values(int ac, char *av[]) +ipfw_list_values(int ac __unused, char *av[] __unused) { + char buf[128]; ipfw_obj_lheader *olh; struct _table_value *v; - int error, i; - uint32_t vmask; - char buf[128]; + uint32_t i, vmask; + int error; error = table_do_get_vlist(&olh); if (error != 0)