Author: markj
Date: Mon Jul 13 17:51:04 2020
New Revision: 363164
URL: https://svnweb.freebsd.org/changeset/base/363164

Log:
  ipfw(8): Fix most warnings with the default WARNS level.
  
  - Add missing const and static qualifiers.
  - Avoid shadowing the global "co" by renaming it to "g_co".
  - Avoid mixing signedness in loop bound checks.
  - Leave -Wcast-align warnings disabled for now.
  
  Reviewed by:  ae, melifaro
  MFC after:    2 weeks
  Differential Revision:        https://reviews.freebsd.org/D25456

Modified:
  head/sbin/ipfw/Makefile
  head/sbin/ipfw/altq.c
  head/sbin/ipfw/dummynet.c
  head/sbin/ipfw/ipfw2.c
  head/sbin/ipfw/ipfw2.h
  head/sbin/ipfw/ipv6.c
  head/sbin/ipfw/main.c
  head/sbin/ipfw/nat.c
  head/sbin/ipfw/nat64clat.c
  head/sbin/ipfw/nat64lsn.c
  head/sbin/ipfw/nat64stl.c
  head/sbin/ipfw/nptv6.c
  head/sbin/ipfw/tables.c

Modified: head/sbin/ipfw/Makefile
==============================================================================
--- head/sbin/ipfw/Makefile     Mon Jul 13 17:20:20 2020        (r363163)
+++ head/sbin/ipfw/Makefile     Mon Jul 13 17:51:04 2020        (r363164)
@@ -6,7 +6,6 @@ PACKAGE=ipfw
 PROG=  ipfw
 SRCS=  ipfw2.c dummynet.c ipv6.c main.c nat.c tables.c
 SRCS+= nat64clat.c nat64lsn.c nat64stl.c nptv6.c
-WARNS?=        2
 
 .if ${MK_PF} != "no"
 SRCS+= altq.c
@@ -17,3 +16,5 @@ LIBADD=       jail util
 MAN=   ipfw.8
 
 .include <bsd.prog.mk>
+
+CWARNFLAGS+= -Wno-cast-align

Modified: head/sbin/ipfw/altq.c
==============================================================================
--- head/sbin/ipfw/altq.c       Mon Jul 13 17:20:20 2020        (r363163)
+++ head/sbin/ipfw/altq.c       Mon Jul 13 17:51:04 2020        (r363164)
@@ -140,7 +140,7 @@ altq_qid_to_name(u_int32_t qid)
 }
 
 void
-print_altq_cmd(struct buf_pr *bp, ipfw_insn_altq *altqptr)
+print_altq_cmd(struct buf_pr *bp, const ipfw_insn_altq *altqptr)
 {
        if (altqptr) {
                const char *qname;

Modified: head/sbin/ipfw/dummynet.c
==============================================================================
--- head/sbin/ipfw/dummynet.c   Mon Jul 13 17:20:20 2020        (r363163)
+++ head/sbin/ipfw/dummynet.c   Mon Jul 13 17:51:04 2020        (r363164)
@@ -166,8 +166,8 @@ enum {
 #define PIE_SCALE (1L<<PIE_FIX_POINT_BITS)
 
 /* integer to time */
-void 
-us_to_time(int t,char *strt)
+static void
+us_to_time(int t, char *strt)
 {
        if (t < 0)
                strt[0]='\0';
@@ -221,7 +221,7 @@ time_to_us(const char *s)
 
  
 /* Get AQM or scheduler extra parameters  */
-void
+static void
 get_extra_parms(uint32_t nr, char *out, int subtype)
 { 
        struct dn_extra_parms *ep;
@@ -586,7 +586,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
                break;
            }
        case DN_CMD_GET:
-           if (co.verbose)
+           if (g_co.verbose)
                printf("answer for cmd %d, len %d\n", oid->type, oid->id);
            break;
        case DN_SCH: {
@@ -636,7 +636,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
                sprintf(bwbuf, "%7.3f bit/s ", b);
 
            if (humanize_number(burst, sizeof(burst), p->burst,
-                   "", HN_AUTOSCALE, 0) < 0 || co.verbose)
+                   "", HN_AUTOSCALE, 0) < 0 || g_co.verbose)
                sprintf(burst, "%d", (int)p->burst);
            sprintf(buf, "%05d: %s %4d ms burst %s",
                p->link_nr % DN_MAX_ID, bwbuf, p->delay, burst);
@@ -1317,7 +1317,7 @@ ipfw_config_pipe(int ac, char **av)
        o_next(&buf, sizeof(struct dn_id), DN_CMD_CONFIG);
        base->id = DN_API_VERSION;
 
-       switch (co.do_pipe) {
+       switch (g_co.do_pipe) {
        case 1: /* "pipe N config ..." */
                /* Allocate space for the WF2Q+ scheduler, its link
                 * and the FIFO flowset. Set the number, but leave
@@ -1893,7 +1893,7 @@ parse_range(int ac, char *av[], uint32_t *v, int len)
                }
                n++;
                /* translate if 'pipe list' */
-               if (co.do_pipe == 1) {
+               if (g_co.do_pipe == 1) {
                        v[0] += DN_MAX_ID;
                        v[1] += DN_MAX_ID;
                }
@@ -1947,7 +1947,7 @@ dummynet_list(int ac, char *av[], int show_counters)
        if (max_size < sizeof(struct dn_flow))
                max_size = sizeof(struct dn_flow);
 
-       switch (co.do_pipe) {
+       switch (g_co.do_pipe) {
        case 1:
                oid->subtype = DN_LINK; /* list pipe */
                break;

Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c      Mon Jul 13 17:20:20 2020        (r363163)
+++ head/sbin/ipfw/ipfw2.c      Mon Jul 13 17:51:04 2020        (r363164)
@@ -57,7 +57,7 @@
 #include <netinet/tcp.h>
 #include <arpa/inet.h>
 
-struct cmdline_opts co;        /* global options */
+struct cmdline_opts g_co;      /* global options */
 
 struct format_opts {
        int bcwidth;
@@ -74,7 +74,7 @@ struct format_opts {
 
 int resvd_set_number = RESVD_SET;
 
-int ipfw_socket = -1;
+static int ipfw_socket = -1;
 
 #define        CHECK_LENGTH(v, len) do {                               \
        if ((v) < (len))                                        \
@@ -395,8 +395,8 @@ static int ipfw_show_config(struct cmdline_opts *co, s
 static void ipfw_list_tifaces(void);
 
 struct tidx;
-static uint16_t pack_object(struct tidx *tstate, char *name, int otype);
-static uint16_t pack_table(struct tidx *tstate, char *name);
+static uint16_t pack_object(struct tidx *tstate, const char *name, int otype);
+static uint16_t pack_table(struct tidx *tstate, const char *name);
 
 static char *table_search_ctlv(ipfw_obj_ctlv *ctlv, uint16_t idx);
 static void object_sort_ctlv(ipfw_obj_ctlv *ctlv);
@@ -456,7 +456,7 @@ bp_flush(struct buf_pr *b)
  * Returns number of bytes that should have been printed.
  */
 int
-bprintf(struct buf_pr *b, char *format, ...)
+bprintf(struct buf_pr *b, const char *format, ...)
 {
        va_list args;
        int i;
@@ -466,7 +466,7 @@ bprintf(struct buf_pr *b, char *format, ...)
        i = vsnprintf(b->ptr, b->avail, format, args);
        va_end(args);
 
-       if (i > b->avail || i < 0) {
+       if (i < 0 || (size_t)i > b->avail) {
                /* Overflow or print error */
                b->avail = 0;
        } else {
@@ -569,7 +569,7 @@ do_cmd(int optname, void *optval, uintptr_t optlen)
 {
        int i;
 
-       if (co.test_only)
+       if (g_co.test_only)
                return 0;
 
        if (ipfw_socket == -1)
@@ -606,7 +606,7 @@ int
 do_set3(int optname, ip_fw3_opheader *op3, size_t optlen)
 {
 
-       if (co.test_only)
+       if (g_co.test_only)
                return (0);
 
        if (ipfw_socket == -1)
@@ -635,7 +635,7 @@ do_get3(int optname, ip_fw3_opheader *op3, size_t *opt
        int error;
        socklen_t len;
 
-       if (co.test_only)
+       if (g_co.test_only)
                return (0);
 
        if (ipfw_socket == -1)
@@ -725,7 +725,8 @@ match_value(struct _s_x *p, int value)
 }
 
 size_t
-concat_tokens(char *buf, size_t bufsize, struct _s_x *table, char *delimiter)
+concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
+    const char *delimiter)
 {
        struct _s_x *pt;
        int l;
@@ -788,7 +789,7 @@ print_flags_buffer(char *buf, size_t sz, struct _s_x *
                
                set &= ~list[i].x;
                l = snprintf(buf, sz, "%s%s", comma, list[i].s);
-               if (l >= sz)
+               if (l < 0 || (size_t)l >= sz)
                        return;
                comma = ",";
                buf += l;
@@ -856,13 +857,13 @@ print_port(struct buf_pr *bp, int proto, uint16_t port
        if (proto == IPPROTO_ETHERTYPE) {
                char const *s;
 
-               if (co.do_resolv && (s = match_value(ether_types, port)) )
+               if (g_co.do_resolv && (s = match_value(ether_types, port)) )
                        bprintf(bp, "%s", s);
                else
                        bprintf(bp, "0x%04x", port);
        } else {
                struct servent *se = NULL;
-               if (co.do_resolv) {
+               if (g_co.do_resolv) {
                        struct protoent *pe = getprotobynumber(proto);
 
                        se = getservbyport(htons(port), pe ? pe->p_name : NULL);
@@ -893,9 +894,9 @@ static struct _s_x _port_name[] = {
  * XXX todo: add support for mask.
  */
 static void
-print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode)
+print_newports(struct buf_pr *bp, const ipfw_insn_u16 *cmd, int proto, int 
opcode)
 {
-       uint16_t *p = cmd->ports;
+       const uint16_t *p = cmd->ports;
        int i;
        char const *sep;
 
@@ -906,7 +907,7 @@ print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, 
                bprintf(bp, " %s", sep);
        }
        sep = " ";
-       for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
+       for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
                bprintf(bp, "%s", sep);
                print_port(bp, proto, p[0]);
                if (p[0] != p[1]) {
@@ -1134,7 +1135,7 @@ print_reject_code(struct buf_pr *bp, uint16_t code)
  * len is the max length in bits.
  */
 int
-contigmask(uint8_t *p, int len)
+contigmask(const uint8_t *p, int len)
 {
        int i, n;
 
@@ -1152,7 +1153,7 @@ contigmask(uint8_t *p, int len)
  * There is a specialized check for f_tcpflags.
  */
 static void
-print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd,
+print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd,
     struct _s_x *list)
 {
        char const *comma = "";
@@ -1185,12 +1186,13 @@ print_flags(struct buf_pr *bp, char const *name, ipfw_
  * Print the ip address contained in a command.
  */
 static void
-print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
+print_ip(struct buf_pr *bp, const struct format_opts *fo,
+    const ipfw_insn_ip *cmd)
 {
        struct hostent *he = NULL;
-       struct in_addr *ia;
-       uint32_t len = F_LEN((ipfw_insn *)cmd);
-       uint32_t *a = ((ipfw_insn_u32 *)cmd)->d;
+       const struct in_addr *ia;
+       const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d;
+       uint32_t len = F_LEN((const ipfw_insn *)cmd);
        char *t;
 
        bprintf(bp, " ");
@@ -1200,7 +1202,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *
 
                if (d < sizeof(lookup_key)/sizeof(lookup_key[0]))
                        arg = match_value(rule_options, lookup_key[d]);
-               t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
+               t = table_search_ctlv(fo->tstate,
+                   ((const ipfw_insn *)cmd)->arg1);
                bprintf(bp, "lookup %s %s", arg, t);
                return;
        }
@@ -1210,7 +1213,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *
        }
        if (cmd->o.opcode == O_IP_SRC_LOOKUP ||
            cmd->o.opcode == O_IP_DST_LOOKUP) {
-               t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
+               t = table_search_ctlv(fo->tstate,
+                   ((const ipfw_insn *)cmd)->arg1);
                bprintf(bp, "table(%s", t);
                if (len == F_INSN_SIZE(ipfw_insn_u32))
                        bprintf(bp, ",%u", *a);
@@ -1218,16 +1222,18 @@ print_ip(struct buf_pr *bp, const struct format_opts *
                return;
        }
        if (cmd->o.opcode == O_IP_SRC_SET || cmd->o.opcode == O_IP_DST_SET) {
-               uint32_t x, *map = (uint32_t *)&(cmd->mask);
+               const uint32_t *map = (const uint32_t *)&cmd->mask;
+               struct in_addr addr;
+               uint32_t x;
                int i, j;
                char comma = '{';
 
                x = cmd->o.arg1 - 1;
-               x = htonl( ~x );
-               cmd->addr.s_addr = htonl(cmd->addr.s_addr);
-               bprintf(bp, "%s/%d", inet_ntoa(cmd->addr),
-                       contigmask((uint8_t *)&x, 32));
-               x = cmd->addr.s_addr = htonl(cmd->addr.s_addr);
+               x = htonl(~x);
+               addr.s_addr = htonl(cmd->addr.s_addr);
+               bprintf(bp, "%s/%d", inet_ntoa(addr),
+                   contigmask((uint8_t *)&x, 32));
+               x = cmd->addr.s_addr;
                x &= 0xff; /* base */
                /*
                 * Print bits and ranges.
@@ -1258,19 +1264,19 @@ print_ip(struct buf_pr *bp, const struct format_opts *
     for (len = len / 2; len > 0; len--, a += 2) {
        int mb =        /* mask length */
            (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
-               32 : contigmask((uint8_t *)&(a[1]), 32);
-       if (mb == 32 && co.do_resolv)
-               he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
+               32 : contigmask((const uint8_t *)&(a[1]), 32);
+       if (mb == 32 && g_co.do_resolv)
+               he = gethostbyaddr((const char *)&(a[0]), sizeof(in_addr_t),
                    AF_INET);
        if (he != NULL)         /* resolved to name */
                bprintf(bp, "%s", he->h_name);
        else if (mb == 0)       /* any */
                bprintf(bp, "any");
        else {          /* numeric IP followed by some kind of mask */
-               ia = (struct in_addr *)&a[0];
+               ia = (const struct in_addr *)&a[0];
                bprintf(bp, "%s", inet_ntoa(*ia));
                if (mb < 0) {
-                       ia = (struct in_addr *)&a[1];
+                       ia = (const struct in_addr *)&a[1];
                        bprintf(bp, ":%s", inet_ntoa(*ia));
                } else if (mb < 32)
                        bprintf(bp, "/%d", mb);
@@ -1284,7 +1290,7 @@ print_ip(struct buf_pr *bp, const struct format_opts *
  * prints a MAC address/mask pair
  */
 static void
-format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask)
+format_mac(struct buf_pr *bp, const uint8_t *addr, const uint8_t *mask)
 {
        int l = contigmask(mask, 48);
 
@@ -1303,7 +1309,7 @@ format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *
 }
 
 static void
-print_mac(struct buf_pr *bp, ipfw_insn_mac *mac)
+print_mac(struct buf_pr *bp, const ipfw_insn_mac *mac)
 {
 
        bprintf(bp, " MAC");
@@ -1336,7 +1342,7 @@ fill_icmptypes(ipfw_insn_u32 *cmd, char *av)
 }
 
 static void
-print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_icmptypes(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
 {
        int i;
        char sep= ' ';
@@ -1351,12 +1357,12 @@ print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
 }
 
 static void
-print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_dscp(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
 {
+       const uint32_t *v;
+       const char *code;
        int i = 0;
-       uint32_t *v;
        char sep= ' ';
-       const char *code;
 
        bprintf(bp, " dscp");
        v = cmd->d;
@@ -1374,7 +1380,7 @@ print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
        }
 }
 
-#define        insntod(cmd, type)      ((ipfw_insn_ ## type *)(cmd))
+#define        insntod(cmd, type)      ((const ipfw_insn_ ## type *)(cmd))
 struct show_state {
        struct ip_fw_rule       *rule;
        const ipfw_insn         *eaction;
@@ -1443,7 +1449,7 @@ print_limit_mask(struct buf_pr *bp, const ipfw_insn_li
 
 static int
 print_instruction(struct buf_pr *bp, const struct format_opts *fo,
-    struct show_state *state, ipfw_insn *cmd)
+    struct show_state *state, const ipfw_insn *cmd)
 {
        struct protoent *pe;
        struct passwd *pwd;
@@ -1685,7 +1691,7 @@ print_instruction(struct buf_pr *bp, const struct form
                bprintf(bp, " ipsec");
                break;
        case O_NOP:
-               bprintf(bp, " // %s", (char *)(cmd + 1));
+               bprintf(bp, " // %s", (const char *)(cmd + 1));
                break;
        case O_KEEP_STATE:
                if (state->flags & HAVE_PROBE_STATE)
@@ -1777,8 +1783,8 @@ static void
 print_fwd(struct buf_pr *bp, const ipfw_insn *cmd)
 {
        char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
-       ipfw_insn_sa6 *sa6;
-       ipfw_insn_sa *sa;
+       const ipfw_insn_sa6 *sa6;
+       const ipfw_insn_sa *sa;
        uint16_t port;
 
        if (cmd->opcode == O_FORWARD_IP) {
@@ -2056,7 +2062,7 @@ print_proto(struct buf_pr *bp, struct format_opts *fo,
 static int
 match_opcode(int opcode, const int opcodes[], size_t nops)
 {
-       int i;
+       size_t i;
 
        for (i = 0; i < nops; i++)
                if (opcode == opcodes[i])
@@ -2138,10 +2144,10 @@ static void
 show_static_rule(struct cmdline_opts *co, struct format_opts *fo,
     struct buf_pr *bp, struct ip_fw_rule *rule, struct ip_fw_bcounter *cntr)
 {
+       static int twidth = 0;
        struct show_state state;
        ipfw_insn *cmd;
-       static int twidth = 0;
-       int i;
+       size_t i;
 
        /* Print # DISABLED or skip the rule */
        if ((fo->set_mask & (1 << rule->set)) == 0) {
@@ -2361,7 +2367,7 @@ void
 ipfw_sets_handler(char *av[])
 {
        ipfw_range_tlv rt;
-       char *msg;
+       const char *msg;
        size_t size;
        uint32_t masks[2];
        int i;
@@ -2378,7 +2384,7 @@ ipfw_sets_handler(char *av[])
                ipfw_cfg_lheader *cfg;
 
                memset(&fo, 0, sizeof(fo));
-               if (ipfw_get_config(&co, &fo, &cfg, &size) != 0)
+               if (ipfw_get_config(&g_co, &fo, &cfg, &size) != 0)
                        err(EX_OSERR, "requesting config failed");
 
                for (i = 0, msg = "disable"; i < RESVD_SET; i++)
@@ -2507,7 +2513,7 @@ typedef void state_cb(struct cmdline_opts *co, struct 
 
 static void
 prepare_format_dyn(struct cmdline_opts *co, struct format_opts *fo,
-    void *arg, void *_state)
+    void *arg __unused, void *_state)
 {
        ipfw_dyn_rule *d;
        int width;
@@ -2701,11 +2707,11 @@ ipfw_list(int ac, char *av[], int show_counters)
        uint32_t rnum;
        char *endptr;
 
-       if (co.test_only) {
+       if (g_co.test_only) {
                fprintf(stderr, "Testing only, list disabled\n");
                return;
        }
-       if (co.do_pipe) {
+       if (g_co.do_pipe) {
                dummynet_list(ac, av, show_counters);
                return;
        }
@@ -2731,17 +2737,17 @@ ipfw_list(int ac, char *av[], int show_counters)
        /* get configuraion from kernel */
        cfg = NULL;
        sfo.show_counters = show_counters;
-       sfo.show_time = co.do_time;
-       if (co.do_dynamic != 2)
+       sfo.show_time = g_co.do_time;
+       if (g_co.do_dynamic != 2)
                sfo.flags |= IPFW_CFG_GET_STATIC;
-       if (co.do_dynamic != 0)
+       if (g_co.do_dynamic != 0)
                sfo.flags |= IPFW_CFG_GET_STATES;
        if ((sfo.show_counters | sfo.show_time) != 0)
                sfo.flags |= IPFW_CFG_GET_COUNTERS;
-       if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0)
+       if (ipfw_get_config(&g_co, &sfo, &cfg, &sz) != 0)
                err(EX_OSERR, "retrieving config failed");
 
-       error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av);
+       error = ipfw_show_config(&g_co, &sfo, cfg, sz, ac, av);
 
        free(cfg);
 
@@ -2974,7 +2980,8 @@ ipfw_check_object_name(const char *name)
        return (0);
 }
 
-static char *default_state_name = "default";
+static const char *default_state_name = "default";
+
 static int
 state_check_name(const char *name)
 {
@@ -3000,10 +3007,10 @@ eaction_check_name(const char *name)
 }
 
 static uint16_t
-pack_object(struct tidx *tstate, char *name, int otype)
+pack_object(struct tidx *tstate, const char *name, int otype)
 {
-       int i;
        ipfw_obj_ntlv *ntlv;
+       uint32_t i;
 
        for (i = 0; i < tstate->count; i++) {
                if (strcmp(tstate->idx[i].name, name) != 0)
@@ -3037,7 +3044,7 @@ pack_object(struct tidx *tstate, char *name, int otype
 }
 
 static uint16_t
-pack_table(struct tidx *tstate, char *name)
+pack_table(struct tidx *tstate, const char *name)
 {
 
        if (table_check_name(name) != 0)
@@ -3116,7 +3123,7 @@ fill_ip(ipfw_insn_ip *cmd, char *av, int cblen, struct
        int masklen;
        char md, nd = '\0';
 
-       CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn) + 2 + len);
+       CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn) + 2 + len);
 
        if (p) {
                md = *p;
@@ -3314,7 +3321,7 @@ ipfw_delete(char *av[])
                /* Do not allow using the following syntax:
                 *      ipfw set N delete set M
                 */
-               if (co.use_set)
+               if (g_co.use_set)
                        errx(EX_DATAERR, "invalid syntax");
                do_set = 1;     /* delete set */
                av++;
@@ -3327,10 +3334,10 @@ ipfw_delete(char *av[])
                if (*sep== '-')
                        j = strtol(sep + 1, NULL, 10);
                av++;
-               if (co.do_nat) {
+               if (g_co.do_nat) {
                        exitval = ipfw_delete_nat(i);
-               } else if (co.do_pipe) {
-                       exitval = ipfw_delete_pipe(co.do_pipe, i);
+               } else if (g_co.do_pipe) {
+                       exitval = ipfw_delete_pipe(g_co.do_pipe, i);
                } else {
                        memset(&rt, 0, sizeof(rt));
                        if (do_set != 0) {
@@ -3343,24 +3350,24 @@ ipfw_delete(char *av[])
                                        rt.flags |= IPFW_RCFLAG_ALL;
                                else
                                        rt.flags |= IPFW_RCFLAG_RANGE;
-                               if (co.use_set != 0) {
-                                       rt.set = co.use_set - 1;
+                               if (g_co.use_set != 0) {
+                                       rt.set = g_co.use_set - 1;
                                        rt.flags |= IPFW_RCFLAG_SET;
                                }
                        }
-                       if (co.do_dynamic == 2)
+                       if (g_co.do_dynamic == 2)
                                rt.flags |= IPFW_RCFLAG_DYNAMIC;
                        i = do_range_cmd(IP_FW_XDEL, &rt);
                        if (i != 0) {
                                exitval = EX_UNAVAILABLE;
-                               if (co.do_quiet)
+                               if (g_co.do_quiet)
                                        continue;
                                warn("rule %u: setsockopt(IP_FW_XDEL)",
                                    rt.start_rule);
                        } else if (rt.new_set == 0 && do_set == 0 &&
-                           co.do_dynamic != 2) {
+                           g_co.do_dynamic != 2) {
                                exitval = EX_UNAVAILABLE;
-                               if (co.do_quiet)
+                               if (g_co.do_quiet)
                                        continue;
                                if (rt.start_rule != rt.end_rule)
                                        warnx("no rules rules in %u-%u range",
@@ -3371,7 +3378,7 @@ ipfw_delete(char *av[])
                        }
                }
        }
-       if (exitval != EX_OK && co.do_force == 0)
+       if (exitval != EX_OK && g_co.do_force == 0)
                exit(exitval);
 }
 
@@ -3696,7 +3703,7 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cb
        struct in6_addr a;
        char *host, *ch, buf[INET6_ADDRSTRLEN];
        ipfw_insn *ret = NULL;
-       int len;
+       size_t len;
 
        /* Copy first address in set if needed */
        if ((ch = strpbrk(av, "/,")) != NULL) {
@@ -3727,7 +3734,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cb
        struct in6_addr a;
        char *host, *ch, buf[INET6_ADDRSTRLEN];
        ipfw_insn *ret = NULL;
-       int len;
+       size_t len;
 
        /* Copy first address in set if needed */
        if ((ch = strpbrk(av, "/,")) != NULL) {
@@ -3764,7 +3771,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cb
  * various match patterns, log/altq actions, and the actual action.
  *
  */
-void
+static void
 compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate)
 {
        /*
@@ -4250,7 +4257,7 @@ chkarg:
                                len = sizeof(c->max_log);
                                if (sysctlbyname("net.inet.ip.fw.verbose_limit",
                                    &c->max_log, &len, NULL, 0) == -1) {
-                                       if (co.test_only) {
+                                       if (g_co.test_only) {
                                                c->max_log = 0;
                                                break;
                                        }
@@ -5138,10 +5145,10 @@ done:
 static int
 compare_ntlv(const void *_a, const void *_b)
 {
-       ipfw_obj_ntlv *a, *b;
+       const ipfw_obj_ntlv *a, *b;
 
-       a = (ipfw_obj_ntlv *)_a;
-       b = (ipfw_obj_ntlv *)_b;
+       a = (const ipfw_obj_ntlv *)_a;
+       b = (const ipfw_obj_ntlv *)_b;
 
        if (a->set < b->set)
                return (-1);
@@ -5178,11 +5185,11 @@ struct object_kt {
 static int
 compare_object_kntlv(const void *k, const void *v)
 {
-       ipfw_obj_ntlv *ntlv;
+       const ipfw_obj_ntlv *ntlv;
        struct object_kt key;
 
-       key = *((struct object_kt *)k);
-       ntlv = (ipfw_obj_ntlv *)v;
+       key = *((const struct object_kt *)k);
+       ntlv = (const ipfw_obj_ntlv *)v;
 
        if (key.uidx < ntlv->idx)
                return (-1);
@@ -5318,14 +5325,14 @@ ipfw_add(char *av[])
        if (do_get3(IP_FW_XADD, op3, &sz) != 0)
                err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_XADD");
 
-       if (!co.do_quiet) {
+       if (!g_co.do_quiet) {
                struct format_opts sfo;
                struct buf_pr bp;
                memset(&sfo, 0, sizeof(sfo));
                sfo.tstate = tstate;
                sfo.set_mask = (uint32_t)(-1);
                bp_alloc(&bp, 4096);
-               show_static_rule(&co, &sfo, &bp, rule, NULL);
+               show_static_rule(&g_co, &sfo, &bp, rule, NULL);
                printf("%s", bp.buf);
                bp_free(&bp);
        }
@@ -5361,7 +5368,7 @@ ipfw_zero(int ac, char *av[], int optname)
                rt.flags = IPFW_RCFLAG_ALL;
                if (do_range_cmd(optname, &rt) < 0)
                        err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name);
-               if (!co.do_quiet)
+               if (!g_co.do_quiet)
                        printf("%s.\n", optname == IP_FW_XZERO ?
                            "Accounting cleared":"Logging counts reset");
 
@@ -5379,8 +5386,8 @@ ipfw_zero(int ac, char *av[], int optname)
                        rt.start_rule = arg;
                        rt.end_rule = arg;
                        rt.flags |= IPFW_RCFLAG_RANGE;
-                       if (co.use_set != 0) {
-                               rt.set = co.use_set - 1;
+                       if (g_co.use_set != 0) {
+                               rt.set = g_co.use_set - 1;
                                rt.flags |= IPFW_RCFLAG_SET;
                        }
                        if (do_range_cmd(optname, &rt) != 0) {
@@ -5390,7 +5397,7 @@ ipfw_zero(int ac, char *av[], int optname)
                        } else if (rt.new_set == 0) {
                                printf("Entry %d not found\n", arg);
                                failed = EX_UNAVAILABLE;
-                       } else if (!co.do_quiet)
+                       } else if (!g_co.do_quiet)
                                printf("Entry %d %s.\n", arg,
                                    optname == IP_FW_XZERO ?
                                        "cleared" : "logging count reset");
@@ -5408,7 +5415,7 @@ ipfw_flush(int force)
 {
        ipfw_range_tlv rt;
 
-       if (!force && !co.do_quiet) { /* need to ask user */
+       if (!force && !g_co.do_quiet) { /* need to ask user */
                int c;
 
                printf("Are you sure? [yn] ");
@@ -5423,21 +5430,21 @@ ipfw_flush(int force)
                if (c == 'N')   /* user said no */
                        return;
        }
-       if (co.do_pipe) {
+       if (g_co.do_pipe) {
                dummynet_flush();
                return;
        }
        /* `ipfw set N flush` - is the same that `ipfw delete set N` */
        memset(&rt, 0, sizeof(rt));
-       if (co.use_set != 0) {
-               rt.set = co.use_set - 1;
+       if (g_co.use_set != 0) {
+               rt.set = g_co.use_set - 1;
                rt.flags = IPFW_RCFLAG_SET;
        } else
                rt.flags = IPFW_RCFLAG_ALL;
        if (do_range_cmd(IP_FW_XDEL, &rt) != 0)
                        err(EX_UNAVAILABLE, "setsockopt(IP_FW_XDEL)");
-       if (!co.do_quiet)
-               printf("Flushed all %s.\n", co.do_pipe ? "pipes" : "rules");
+       if (!g_co.do_quiet)
+               printf("Flushed all %s.\n", g_co.do_pipe ? "pipes" : "rules");
 }
 
 static struct _s_x intcmds[] = {
@@ -5473,13 +5480,13 @@ lookup_eaction_name(ipfw_obj_ntlv *ntlv, int cnt, uint
 }
 
 static void
-ipfw_list_objects(int ac, char *av[])
+ipfw_list_objects(int ac __unused, char *av[] __unused)
 {
        ipfw_obj_lheader req, *olh;
        ipfw_obj_ntlv *ntlv;
        const char *name;
        size_t sz;
-       int i;
+       uint32_t i;
 
        memset(&req, 0, sizeof(req));
        sz = sizeof(req);
@@ -5577,10 +5584,10 @@ ipfw_get_tracked_ifaces(ipfw_obj_lheader **polh)
 static int
 ifinfo_cmp(const void *a, const void *b)
 {
-       ipfw_iface_info *ia, *ib;
+       const ipfw_iface_info *ia, *ib;
 
-       ia = (ipfw_iface_info *)a;
-       ib = (ipfw_iface_info *)b;
+       ia = (const ipfw_iface_info *)a;
+       ib = (const ipfw_iface_info *)b;
 
        return (stringnum_cmp(ia->ifname, ib->ifname));
 }
@@ -5591,11 +5598,12 @@ ifinfo_cmp(const void *a, const void *b)
  * Returns 0 on success.
  */
 static void
-ipfw_list_tifaces()
+ipfw_list_tifaces(void)
 {
        ipfw_obj_lheader *olh;
        ipfw_iface_info *info;
-       int i, error;
+       uint32_t i;
+       int error;
 
        if ((error = ipfw_get_tracked_ifaces(&olh)) != 0)
                err(EX_OSERR, "Unable to request ipfw tracked interface list");

Modified: head/sbin/ipfw/ipfw2.h
==============================================================================
--- head/sbin/ipfw/ipfw2.h      Mon Jul 13 17:20:20 2020        (r363163)
+++ head/sbin/ipfw/ipfw2.h      Mon Jul 13 17:51:04 2020        (r363164)
@@ -51,7 +51,7 @@ struct cmdline_opts {
        int     do_sort;        /* field to sort results (0 = no) */
                /* valid fields are 1 and above */
 
-       int     use_set;        /* work with specified set number */
+       uint32_t use_set;       /* work with specified set number */
                /* 0 means all sets, otherwise apply to set use_set - 1 */
 
 };
@@ -62,7 +62,7 @@ enum {
        TIMESTAMP_NUMERIC,
 };
 
-extern struct cmdline_opts co;
+extern struct cmdline_opts g_co;
 
 /*
  * _s_x is a structure that stores a string <-> token pairs, used in
@@ -331,7 +331,7 @@ struct buf_pr {
 int pr_u64(struct buf_pr *bp, uint64_t *pd, int width);
 int bp_alloc(struct buf_pr *b, size_t size);
 void bp_free(struct buf_pr *b);
-int bprintf(struct buf_pr *b, char *format, ...);
+int bprintf(struct buf_pr *b, const char *format, ...);
 
 
 /* memory allocation support */
@@ -349,7 +349,7 @@ int match_token_relaxed(struct _s_x *table, const char
 int get_token(struct _s_x *table, const char *string, const char *errbase);
 char const *match_value(struct _s_x *p, int value);
 size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
-    char *delimiter);
+    const char *delimiter);
 int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set,
     uint32_t *clear);
 void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set);
@@ -361,7 +361,7 @@ int do_get3(int optname, struct _ip_fw3_opheader *op3,
 
 struct in6_addr;
 void n2mask(struct in6_addr *mask, int n);
-int contigmask(uint8_t *p, int len);
+int contigmask(const uint8_t *p, int len);
 
 /*
  * Forward declarations to avoid include way too many headers.
@@ -409,7 +409,7 @@ int ipfw_check_nat64prefix(const struct in6_addr *pref
 /* altq.c */
 void altq_set_enabled(int enabled);
 u_int32_t altq_name_to_qid(const char *name);
-void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr);
+void print_altq_cmd(struct buf_pr *bp, const struct _ipfw_insn_altq *altqptr);
 #else
 #define NO_ALTQ
 #endif
@@ -421,10 +421,10 @@ int ipfw_delete_pipe(int pipe_or_queue, int n);
 
 /* ipv6.c */
 void print_unreach6_code(struct buf_pr *bp, uint16_t code);
-void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd);
-void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
-void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
-void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );
+void print_ip6(struct buf_pr *bp, const struct _ipfw_insn_ip6 *cmd);
+void print_flow6id(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
+void print_icmp6types(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
+void print_ext6hdr(struct buf_pr *bp, const struct _ipfw_insn *cmd);
 
 struct tidx;
 struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,

Modified: head/sbin/ipfw/ipv6.c
==============================================================================
--- head/sbin/ipfw/ipv6.c       Mon Jul 13 17:20:20 2020        (r363163)
+++ head/sbin/ipfw/ipv6.c       Mon Jul 13 17:51:04 2020        (r363164)
@@ -85,14 +85,14 @@ print_unreach6_code(struct buf_pr *bp, uint16_t code)
  * Print the ip address contained in a command.
  */
 void
-print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
+print_ip6(struct buf_pr *bp, const ipfw_insn_ip6 *cmd)
 {
        char trad[255];
        struct hostent *he = NULL;
-       struct in6_addr *a = &(cmd->addr6);
+       const struct in6_addr *a = &(cmd->addr6);
        int len, mb;
 
-       len = F_LEN((ipfw_insn *) cmd) - 1;
+       len = F_LEN((const ipfw_insn *)cmd) - 1;
        if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) {
                bprintf(bp, " me6");
                return;
@@ -112,10 +112,11 @@ print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
                /* mask length */
                mb = (cmd->o.opcode == O_IP6_SRC ||
                    cmd->o.opcode == O_IP6_DST) ?  128:
-                   contigmask((uint8_t *)&(a[1]), 128);
+                   contigmask((const uint8_t *)&(a[1]), 128);
 
-               if (mb == 128 && co.do_resolv)
-                       he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
+               if (mb == 128 && g_co.do_resolv)
+                       he = gethostbyaddr((const char *)a, sizeof(*a),
+                           AF_INET6);
 
                if (he != NULL)      /* resolved to name */
                        bprintf(bp, "%s", he->h_name);
@@ -142,7 +143,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cb
 {
        uint8_t type;
 
-       CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_icmp6));
+       CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn_icmp6));
        memset(cmd, 0, sizeof(*cmd));
        while (*av) {
               if (*av == ',')
@@ -165,7 +166,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cb
 }
 
 void
-print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_icmp6types(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
 {
        int i, j;
        char sep= ' ';
@@ -181,7 +182,7 @@ print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd
 }
 
 void
-print_flow6id(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_flow6id(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
 {
        uint16_t i, limit = cmd->o.arg1;
        char sep = ',';
@@ -257,7 +258,7 @@ fill_ext6hdr( ipfw_insn *cmd, char *av)
 }
 
 void
-print_ext6hdr(struct buf_pr *bp, ipfw_insn *cmd )
+print_ext6hdr(struct buf_pr *bp, const ipfw_insn *cmd )
 {
        char sep = ' ';
 
@@ -364,7 +365,8 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, stru
                int masklen;
                char md = '\0';
 
-               CHECK_LENGTH(cblen, 1 + len + 2 * F_INSN_SIZE(struct in6_addr));
+               CHECK_LENGTH(cblen,
+                   1 + len + 2 * (int)F_INSN_SIZE(struct in6_addr));
 
                if ((q = strchr(av, ',')) ) {
                        *q = '\0';
@@ -453,7 +455,8 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av, int cblen)
        cmd->d[0] = 0;    /* Initializing the base number*/
 
        while (s) {
-               CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
+               CHECK_LENGTH(cblen,
+                   (int)F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
 
                av = strsep( &s, ",") ;
                type = strtoul(av, &av, 0);

Modified: head/sbin/ipfw/main.c
==============================================================================
--- head/sbin/ipfw/main.c       Mon Jul 13 17:20:20 2020        (r363163)
+++ head/sbin/ipfw/main.c       Mon Jul 13 17:51:04 2020        (r363164)
@@ -226,8 +226,8 @@ ipfw_main(int oldac, char **oldav)
        av[ac] = NULL;
 
        /* Set the force flag for non-interactive processes */
-       if (!co.do_force)
-               co.do_force = !isatty(STDIN_FILENO);
+       if (!g_co.do_force)
+               g_co.do_force = !isatty(STDIN_FILENO);
 
 #ifdef EMULATE_SYSCTL /* sysctl emulation */
        if ( ac >= 2 && !strcmp(av[1], "sysctl")) {
@@ -269,20 +269,20 @@ ipfw_main(int oldac, char **oldav)
                        break;
 
                case 'b':
-                       co.comment_only = 1;
-                       co.do_compact = 1;
+                       g_co.comment_only = 1;
+                       g_co.do_compact = 1;
                        break;
 
                case 'c':
-                       co.do_compact = 1;
+                       g_co.do_compact = 1;
                        break;
 
                case 'd':
-                       co.do_dynamic = 1;
+                       g_co.do_dynamic = 1;
                        break;
 
                case 'D':
-                       co.do_dynamic = 2;
+                       g_co.do_dynamic = 2;
                        break;
 
                case 'e':
@@ -290,7 +290,7 @@ ipfw_main(int oldac, char **oldav)
                        break;
 
                case 'f':

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to