aboutsummaryrefslogtreecommitdiff
path: root/sbin/ipfw
diff options
context:
space:
mode:
authorMark Johnston <markj@FreeBSD.org>2020-07-13 17:51:04 +0000
committerMark Johnston <markj@FreeBSD.org>2020-07-13 17:51:04 +0000
commit56707bee4b34c53ade245709397addac02c53726 (patch)
tree1404480bc153c770487682df2bae67600fdda8a4 /sbin/ipfw
parent329d975c0c8b521bd1500b409f780312335f6f2e (diff)
downloadsrc-56707bee4b34c53ade245709397addac02c53726.tar.gz
src-56707bee4b34c53ade245709397addac02c53726.zip
ipfw(8): Fix most warnings with the default WARNS level.
- Add missing const and static qualifiers. - Avoid shadowing the global "co" by renaming it to "g_co". - Avoid mixing signedness in loop bound checks. - Leave -Wcast-align warnings disabled for now. Reviewed by: ae, melifaro MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D25456
Notes
Notes: svn path=/head/; revision=363164
Diffstat (limited to 'sbin/ipfw')
-rw-r--r--sbin/ipfw/Makefile3
-rw-r--r--sbin/ipfw/altq.c2
-rw-r--r--sbin/ipfw/dummynet.c16
-rw-r--r--sbin/ipfw/ipfw2.c216
-rw-r--r--sbin/ipfw/ipfw2.h20
-rw-r--r--sbin/ipfw/ipv6.c27
-rw-r--r--sbin/ipfw/main.c84
-rw-r--r--sbin/ipfw/nat.c26
-rw-r--r--sbin/ipfw/nat64clat.c24
-rw-r--r--sbin/ipfw/nat64lsn.c48
-rw-r--r--sbin/ipfw/nat64stl.c24
-rw-r--r--sbin/ipfw/nptv6.c25
-rw-r--r--sbin/ipfw/tables.c75
13 files changed, 308 insertions, 282 deletions
diff --git a/sbin/ipfw/Makefile b/sbin/ipfw/Makefile
index 326a050cce2e..552755a16961 100644
--- a/sbin/ipfw/Makefile
+++ b/sbin/ipfw/Makefile
@@ -6,7 +6,6 @@ PACKAGE=ipfw
PROG= ipfw
SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c tables.c
SRCS+= nat64clat.c nat64lsn.c nat64stl.c nptv6.c
-WARNS?= 2
.if ${MK_PF} != "no"
SRCS+= altq.c
@@ -17,3 +16,5 @@ LIBADD= jail util
MAN= ipfw.8
.include <bsd.prog.mk>
+
+CWARNFLAGS+= -Wno-cast-align
diff --git a/sbin/ipfw/altq.c b/sbin/ipfw/altq.c
index 6fa81e7f6f65..081262fd3d80 100644
--- a/sbin/ipfw/altq.c
+++ b/sbin/ipfw/altq.c
@@ -140,7 +140,7 @@ altq_qid_to_name(u_int32_t qid)
}
void
-print_altq_cmd(struct buf_pr *bp, ipfw_insn_altq *altqptr)
+print_altq_cmd(struct buf_pr *bp, const ipfw_insn_altq *altqptr)
{
if (altqptr) {
const char *qname;
diff --git a/sbin/ipfw/dummynet.c b/sbin/ipfw/dummynet.c
index 6369c0a17b51..ef5b8b36efaa 100644
--- a/sbin/ipfw/dummynet.c
+++ b/sbin/ipfw/dummynet.c
@@ -166,8 +166,8 @@ enum {
#define PIE_SCALE (1L<<PIE_FIX_POINT_BITS)
/* integer to time */
-void
-us_to_time(int t,char *strt)
+static void
+us_to_time(int t, char *strt)
{
if (t < 0)
strt[0]='\0';
@@ -221,7 +221,7 @@ time_to_us(const char *s)
/* Get AQM or scheduler extra parameters */
-void
+static void
get_extra_parms(uint32_t nr, char *out, int subtype)
{
struct dn_extra_parms *ep;
@@ -586,7 +586,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
break;
}
case DN_CMD_GET:
- if (co.verbose)
+ if (g_co.verbose)
printf("answer for cmd %d, len %d\n", oid->type, oid->id);
break;
case DN_SCH: {
@@ -636,7 +636,7 @@ list_pipes(struct dn_id *oid, struct dn_id *end)
sprintf(bwbuf, "%7.3f bit/s ", b);
if (humanize_number(burst, sizeof(burst), p->burst,
- "", HN_AUTOSCALE, 0) < 0 || co.verbose)
+ "", HN_AUTOSCALE, 0) < 0 || g_co.verbose)
sprintf(burst, "%d", (int)p->burst);
sprintf(buf, "%05d: %s %4d ms burst %s",
p->link_nr % DN_MAX_ID, bwbuf, p->delay, burst);
@@ -1317,7 +1317,7 @@ ipfw_config_pipe(int ac, char **av)
o_next(&buf, sizeof(struct dn_id), DN_CMD_CONFIG);
base->id = DN_API_VERSION;
- switch (co.do_pipe) {
+ switch (g_co.do_pipe) {
case 1: /* "pipe N config ..." */
/* Allocate space for the WF2Q+ scheduler, its link
* and the FIFO flowset. Set the number, but leave
@@ -1893,7 +1893,7 @@ parse_range(int ac, char *av[], uint32_t *v, int len)
}
n++;
/* translate if 'pipe list' */
- if (co.do_pipe == 1) {
+ if (g_co.do_pipe == 1) {
v[0] += DN_MAX_ID;
v[1] += DN_MAX_ID;
}
@@ -1947,7 +1947,7 @@ dummynet_list(int ac, char *av[], int show_counters)
if (max_size < sizeof(struct dn_flow))
max_size = sizeof(struct dn_flow);
- switch (co.do_pipe) {
+ switch (g_co.do_pipe) {
case 1:
oid->subtype = DN_LINK; /* list pipe */
break;
diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c
index da28bb6a9db4..a577fd7e4825 100644
--- a/sbin/ipfw/ipfw2.c
+++ b/sbin/ipfw/ipfw2.c
@@ -57,7 +57,7 @@
#include <netinet/tcp.h>
#include <arpa/inet.h>
-struct cmdline_opts co; /* global options */
+struct cmdline_opts g_co; /* global options */
struct format_opts {
int bcwidth;
@@ -74,7 +74,7 @@ struct format_opts {
int resvd_set_number = RESVD_SET;
-int ipfw_socket = -1;
+static int ipfw_socket = -1;
#define CHECK_LENGTH(v, len) do { \
if ((v) < (len)) \
@@ -395,8 +395,8 @@ static int ipfw_show_config(struct cmdline_opts *co, struct format_opts *fo,
static void ipfw_list_tifaces(void);
struct tidx;
-static uint16_t pack_object(struct tidx *tstate, char *name, int otype);
-static uint16_t pack_table(struct tidx *tstate, char *name);
+static uint16_t pack_object(struct tidx *tstate, const char *name, int otype);
+static uint16_t pack_table(struct tidx *tstate, const char *name);
static char *table_search_ctlv(ipfw_obj_ctlv *ctlv, uint16_t idx);
static void object_sort_ctlv(ipfw_obj_ctlv *ctlv);
@@ -456,7 +456,7 @@ bp_flush(struct buf_pr *b)
* Returns number of bytes that should have been printed.
*/
int
-bprintf(struct buf_pr *b, char *format, ...)
+bprintf(struct buf_pr *b, const char *format, ...)
{
va_list args;
int i;
@@ -466,7 +466,7 @@ bprintf(struct buf_pr *b, char *format, ...)
i = vsnprintf(b->ptr, b->avail, format, args);
va_end(args);
- if (i > b->avail || i < 0) {
+ if (i < 0 || (size_t)i > b->avail) {
/* Overflow or print error */
b->avail = 0;
} else {
@@ -569,7 +569,7 @@ do_cmd(int optname, void *optval, uintptr_t optlen)
{
int i;
- if (co.test_only)
+ if (g_co.test_only)
return 0;
if (ipfw_socket == -1)
@@ -606,7 +606,7 @@ int
do_set3(int optname, ip_fw3_opheader *op3, size_t optlen)
{
- if (co.test_only)
+ if (g_co.test_only)
return (0);
if (ipfw_socket == -1)
@@ -635,7 +635,7 @@ do_get3(int optname, ip_fw3_opheader *op3, size_t *optlen)
int error;
socklen_t len;
- if (co.test_only)
+ if (g_co.test_only)
return (0);
if (ipfw_socket == -1)
@@ -725,7 +725,8 @@ match_value(struct _s_x *p, int value)
}
size_t
-concat_tokens(char *buf, size_t bufsize, struct _s_x *table, char *delimiter)
+concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
+ const char *delimiter)
{
struct _s_x *pt;
int l;
@@ -788,7 +789,7 @@ print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set)
set &= ~list[i].x;
l = snprintf(buf, sz, "%s%s", comma, list[i].s);
- if (l >= sz)
+ if (l < 0 || (size_t)l >= sz)
return;
comma = ",";
buf += l;
@@ -856,13 +857,13 @@ print_port(struct buf_pr *bp, int proto, uint16_t port)
if (proto == IPPROTO_ETHERTYPE) {
char const *s;
- if (co.do_resolv && (s = match_value(ether_types, port)) )
+ if (g_co.do_resolv && (s = match_value(ether_types, port)) )
bprintf(bp, "%s", s);
else
bprintf(bp, "0x%04x", port);
} else {
struct servent *se = NULL;
- if (co.do_resolv) {
+ if (g_co.do_resolv) {
struct protoent *pe = getprotobynumber(proto);
se = getservbyport(htons(port), pe ? pe->p_name : NULL);
@@ -893,9 +894,9 @@ static struct _s_x _port_name[] = {
* XXX todo: add support for mask.
*/
static void
-print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode)
+print_newports(struct buf_pr *bp, const ipfw_insn_u16 *cmd, int proto, int opcode)
{
- uint16_t *p = cmd->ports;
+ const uint16_t *p = cmd->ports;
int i;
char const *sep;
@@ -906,7 +907,7 @@ print_newports(struct buf_pr *bp, ipfw_insn_u16 *cmd, int proto, int opcode)
bprintf(bp, " %s", sep);
}
sep = " ";
- for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
+ for (i = F_LEN((const ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
bprintf(bp, "%s", sep);
print_port(bp, proto, p[0]);
if (p[0] != p[1]) {
@@ -1134,7 +1135,7 @@ print_reject_code(struct buf_pr *bp, uint16_t code)
* len is the max length in bits.
*/
int
-contigmask(uint8_t *p, int len)
+contigmask(const uint8_t *p, int len)
{
int i, n;
@@ -1152,7 +1153,7 @@ contigmask(uint8_t *p, int len)
* There is a specialized check for f_tcpflags.
*/
static void
-print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd,
+print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd,
struct _s_x *list)
{
char const *comma = "";
@@ -1185,12 +1186,13 @@ print_flags(struct buf_pr *bp, char const *name, ipfw_insn *cmd,
* Print the ip address contained in a command.
*/
static void
-print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
+print_ip(struct buf_pr *bp, const struct format_opts *fo,
+ const ipfw_insn_ip *cmd)
{
struct hostent *he = NULL;
- struct in_addr *ia;
- uint32_t len = F_LEN((ipfw_insn *)cmd);
- uint32_t *a = ((ipfw_insn_u32 *)cmd)->d;
+ const struct in_addr *ia;
+ const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d;
+ uint32_t len = F_LEN((const ipfw_insn *)cmd);
char *t;
bprintf(bp, " ");
@@ -1200,7 +1202,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
if (d < sizeof(lookup_key)/sizeof(lookup_key[0]))
arg = match_value(rule_options, lookup_key[d]);
- t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
+ t = table_search_ctlv(fo->tstate,
+ ((const ipfw_insn *)cmd)->arg1);
bprintf(bp, "lookup %s %s", arg, t);
return;
}
@@ -1210,7 +1213,8 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
}
if (cmd->o.opcode == O_IP_SRC_LOOKUP ||
cmd->o.opcode == O_IP_DST_LOOKUP) {
- t = table_search_ctlv(fo->tstate, ((ipfw_insn *)cmd)->arg1);
+ t = table_search_ctlv(fo->tstate,
+ ((const ipfw_insn *)cmd)->arg1);
bprintf(bp, "table(%s", t);
if (len == F_INSN_SIZE(ipfw_insn_u32))
bprintf(bp, ",%u", *a);
@@ -1218,16 +1222,18 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
return;
}
if (cmd->o.opcode == O_IP_SRC_SET || cmd->o.opcode == O_IP_DST_SET) {
- uint32_t x, *map = (uint32_t *)&(cmd->mask);
+ const uint32_t *map = (const uint32_t *)&cmd->mask;
+ struct in_addr addr;
+ uint32_t x;
int i, j;
char comma = '{';
x = cmd->o.arg1 - 1;
- x = htonl( ~x );
- cmd->addr.s_addr = htonl(cmd->addr.s_addr);
- bprintf(bp, "%s/%d", inet_ntoa(cmd->addr),
- contigmask((uint8_t *)&x, 32));
- x = cmd->addr.s_addr = htonl(cmd->addr.s_addr);
+ x = htonl(~x);
+ addr.s_addr = htonl(cmd->addr.s_addr);
+ bprintf(bp, "%s/%d", inet_ntoa(addr),
+ contigmask((uint8_t *)&x, 32));
+ x = cmd->addr.s_addr;
x &= 0xff; /* base */
/*
* Print bits and ranges.
@@ -1258,19 +1264,19 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
for (len = len / 2; len > 0; len--, a += 2) {
int mb = /* mask length */
(cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ?
- 32 : contigmask((uint8_t *)&(a[1]), 32);
- if (mb == 32 && co.do_resolv)
- he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t),
+ 32 : contigmask((const uint8_t *)&(a[1]), 32);
+ if (mb == 32 && g_co.do_resolv)
+ he = gethostbyaddr((const char *)&(a[0]), sizeof(in_addr_t),
AF_INET);
if (he != NULL) /* resolved to name */
bprintf(bp, "%s", he->h_name);
else if (mb == 0) /* any */
bprintf(bp, "any");
else { /* numeric IP followed by some kind of mask */
- ia = (struct in_addr *)&a[0];
+ ia = (const struct in_addr *)&a[0];
bprintf(bp, "%s", inet_ntoa(*ia));
if (mb < 0) {
- ia = (struct in_addr *)&a[1];
+ ia = (const struct in_addr *)&a[1];
bprintf(bp, ":%s", inet_ntoa(*ia));
} else if (mb < 32)
bprintf(bp, "/%d", mb);
@@ -1284,7 +1290,7 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, ipfw_insn_ip *cmd)
* prints a MAC address/mask pair
*/
static void
-format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask)
+format_mac(struct buf_pr *bp, const uint8_t *addr, const uint8_t *mask)
{
int l = contigmask(mask, 48);
@@ -1303,7 +1309,7 @@ format_mac(struct buf_pr *bp, uint8_t *addr, uint8_t *mask)
}
static void
-print_mac(struct buf_pr *bp, ipfw_insn_mac *mac)
+print_mac(struct buf_pr *bp, const ipfw_insn_mac *mac)
{
bprintf(bp, " MAC");
@@ -1336,7 +1342,7 @@ fill_icmptypes(ipfw_insn_u32 *cmd, char *av)
}
static void
-print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_icmptypes(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
int i;
char sep= ' ';
@@ -1351,12 +1357,12 @@ print_icmptypes(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
static void
-print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_dscp(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
+ const uint32_t *v;
+ const char *code;
int i = 0;
- uint32_t *v;
char sep= ' ';
- const char *code;
bprintf(bp, " dscp");
v = cmd->d;
@@ -1374,7 +1380,7 @@ print_dscp(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
}
-#define insntod(cmd, type) ((ipfw_insn_ ## type *)(cmd))
+#define insntod(cmd, type) ((const ipfw_insn_ ## type *)(cmd))
struct show_state {
struct ip_fw_rule *rule;
const ipfw_insn *eaction;
@@ -1443,7 +1449,7 @@ print_limit_mask(struct buf_pr *bp, const ipfw_insn_limit *limit)
static int
print_instruction(struct buf_pr *bp, const struct format_opts *fo,
- struct show_state *state, ipfw_insn *cmd)
+ struct show_state *state, const ipfw_insn *cmd)
{
struct protoent *pe;
struct passwd *pwd;
@@ -1685,7 +1691,7 @@ print_instruction(struct buf_pr *bp, const struct format_opts *fo,
bprintf(bp, " ipsec");
break;
case O_NOP:
- bprintf(bp, " // %s", (char *)(cmd + 1));
+ bprintf(bp, " // %s", (const char *)(cmd + 1));
break;
case O_KEEP_STATE:
if (state->flags & HAVE_PROBE_STATE)
@@ -1777,8 +1783,8 @@ static void
print_fwd(struct buf_pr *bp, const ipfw_insn *cmd)
{
char buf[INET6_ADDRSTRLEN + IF_NAMESIZE + 2];
- ipfw_insn_sa6 *sa6;
- ipfw_insn_sa *sa;
+ const ipfw_insn_sa6 *sa6;
+ const ipfw_insn_sa *sa;
uint16_t port;
if (cmd->opcode == O_FORWARD_IP) {
@@ -2056,7 +2062,7 @@ print_proto(struct buf_pr *bp, struct format_opts *fo,
static int
match_opcode(int opcode, const int opcodes[], size_t nops)
{
- int i;
+ size_t i;
for (i = 0; i < nops; i++)
if (opcode == opcodes[i])
@@ -2138,10 +2144,10 @@ static void
show_static_rule(struct cmdline_opts *co, struct format_opts *fo,
struct buf_pr *bp, struct ip_fw_rule *rule, struct ip_fw_bcounter *cntr)
{
+ static int twidth = 0;
struct show_state state;
ipfw_insn *cmd;
- static int twidth = 0;
- int i;
+ size_t i;
/* Print # DISABLED or skip the rule */
if ((fo->set_mask & (1 << rule->set)) == 0) {
@@ -2361,7 +2367,7 @@ void
ipfw_sets_handler(char *av[])
{
ipfw_range_tlv rt;
- char *msg;
+ const char *msg;
size_t size;
uint32_t masks[2];
int i;
@@ -2378,7 +2384,7 @@ ipfw_sets_handler(char *av[])
ipfw_cfg_lheader *cfg;
memset(&fo, 0, sizeof(fo));
- if (ipfw_get_config(&co, &fo, &cfg, &size) != 0)
+ if (ipfw_get_config(&g_co, &fo, &cfg, &size) != 0)
err(EX_OSERR, "requesting config failed");
for (i = 0, msg = "disable"; i < RESVD_SET; i++)
@@ -2507,7 +2513,7 @@ typedef void state_cb(struct cmdline_opts *co, struct format_opts *fo,
static void
prepare_format_dyn(struct cmdline_opts *co, struct format_opts *fo,
- void *arg, void *_state)
+ void *arg __unused, void *_state)
{
ipfw_dyn_rule *d;
int width;
@@ -2701,11 +2707,11 @@ ipfw_list(int ac, char *av[], int show_counters)
uint32_t rnum;
char *endptr;
- if (co.test_only) {
+ if (g_co.test_only) {
fprintf(stderr, "Testing only, list disabled\n");
return;
}
- if (co.do_pipe) {
+ if (g_co.do_pipe) {
dummynet_list(ac, av, show_counters);
return;
}
@@ -2731,17 +2737,17 @@ ipfw_list(int ac, char *av[], int show_counters)
/* get configuraion from kernel */
cfg = NULL;
sfo.show_counters = show_counters;
- sfo.show_time = co.do_time;
- if (co.do_dynamic != 2)
+ sfo.show_time = g_co.do_time;
+ if (g_co.do_dynamic != 2)
sfo.flags |= IPFW_CFG_GET_STATIC;
- if (co.do_dynamic != 0)
+ if (g_co.do_dynamic != 0)
sfo.flags |= IPFW_CFG_GET_STATES;
if ((sfo.show_counters | sfo.show_time) != 0)
sfo.flags |= IPFW_CFG_GET_COUNTERS;
- if (ipfw_get_config(&co, &sfo, &cfg, &sz) != 0)
+ if (ipfw_get_config(&g_co, &sfo, &cfg, &sz) != 0)
err(EX_OSERR, "retrieving config failed");
- error = ipfw_show_config(&co, &sfo, cfg, sz, ac, av);
+ error = ipfw_show_config(&g_co, &sfo, cfg, sz, ac, av);
free(cfg);
@@ -2974,7 +2980,8 @@ ipfw_check_object_name(const char *name)
return (0);
}
-static char *default_state_name = "default";
+static const char *default_state_name = "default";
+
static int
state_check_name(const char *name)
{
@@ -3000,10 +3007,10 @@ eaction_check_name(const char *name)
}
static uint16_t
-pack_object(struct tidx *tstate, char *name, int otype)
+pack_object(struct tidx *tstate, const char *name, int otype)
{
- int i;
ipfw_obj_ntlv *ntlv;
+ uint32_t i;
for (i = 0; i < tstate->count; i++) {
if (strcmp(tstate->idx[i].name, name) != 0)
@@ -3037,7 +3044,7 @@ pack_object(struct tidx *tstate, char *name, int otype)
}
static uint16_t
-pack_table(struct tidx *tstate, char *name)
+pack_table(struct tidx *tstate, const char *name)
{
if (table_check_name(name) != 0)
@@ -3116,7 +3123,7 @@ fill_ip(ipfw_insn_ip *cmd, char *av, int cblen, struct tidx *tstate)
int masklen;
char md, nd = '\0';
- CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn) + 2 + len);
+ CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn) + 2 + len);
if (p) {
md = *p;
@@ -3314,7 +3321,7 @@ ipfw_delete(char *av[])
/* Do not allow using the following syntax:
* ipfw set N delete set M
*/
- if (co.use_set)
+ if (g_co.use_set)
errx(EX_DATAERR, "invalid syntax");
do_set = 1; /* delete set */
av++;
@@ -3327,10 +3334,10 @@ ipfw_delete(char *av[])
if (*sep== '-')
j = strtol(sep + 1, NULL, 10);
av++;
- if (co.do_nat) {
+ if (g_co.do_nat) {
exitval = ipfw_delete_nat(i);
- } else if (co.do_pipe) {
- exitval = ipfw_delete_pipe(co.do_pipe, i);
+ } else if (g_co.do_pipe) {
+ exitval = ipfw_delete_pipe(g_co.do_pipe, i);
} else {
memset(&rt, 0, sizeof(rt));
if (do_set != 0) {
@@ -3343,24 +3350,24 @@ ipfw_delete(char *av[])
rt.flags |= IPFW_RCFLAG_ALL;
else
rt.flags |= IPFW_RCFLAG_RANGE;
- if (co.use_set != 0) {
- rt.set = co.use_set - 1;
+ if (g_co.use_set != 0) {
+ rt.set = g_co.use_set - 1;
rt.flags |= IPFW_RCFLAG_SET;
}
}
- if (co.do_dynamic == 2)
+ if (g_co.do_dynamic == 2)
rt.flags |= IPFW_RCFLAG_DYNAMIC;
i = do_range_cmd(IP_FW_XDEL, &rt);
if (i != 0) {
exitval = EX_UNAVAILABLE;
- if (co.do_quiet)
+ if (g_co.do_quiet)
continue;
warn("rule %u: setsockopt(IP_FW_XDEL)",
rt.start_rule);
} else if (rt.new_set == 0 && do_set == 0 &&
- co.do_dynamic != 2) {
+ g_co.do_dynamic != 2) {
exitval = EX_UNAVAILABLE;
- if (co.do_quiet)
+ if (g_co.do_quiet)
continue;
if (rt.start_rule != rt.end_rule)
warnx("no rules rules in %u-%u range",
@@ -3371,7 +3378,7 @@ ipfw_delete(char *av[])
}
}
}
- if (exitval != EX_OK && co.do_force == 0)
+ if (exitval != EX_OK && g_co.do_force == 0)
exit(exitval);
}
@@ -3696,7 +3703,7 @@ add_src(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
struct in6_addr a;
char *host, *ch, buf[INET6_ADDRSTRLEN];
ipfw_insn *ret = NULL;
- int len;
+ size_t len;
/* Copy first address in set if needed */
if ((ch = strpbrk(av, "/,")) != NULL) {
@@ -3727,7 +3734,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
struct in6_addr a;
char *host, *ch, buf[INET6_ADDRSTRLEN];
ipfw_insn *ret = NULL;
- int len;
+ size_t len;
/* Copy first address in set if needed */
if ((ch = strpbrk(av, "/,")) != NULL) {
@@ -3764,7 +3771,7 @@ add_dst(ipfw_insn *cmd, char *av, u_char proto, int cblen, struct tidx *tstate)
* various match patterns, log/altq actions, and the actual action.
*
*/
-void
+static void
compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate)
{
/*
@@ -4250,7 +4257,7 @@ chkarg:
len = sizeof(c->max_log);
if (sysctlbyname("net.inet.ip.fw.verbose_limit",
&c->max_log, &len, NULL, 0) == -1) {
- if (co.test_only) {
+ if (g_co.test_only) {
c->max_log = 0;
break;
}
@@ -5138,10 +5145,10 @@ done:
static int
compare_ntlv(const void *_a, const void *_b)
{
- ipfw_obj_ntlv *a, *b;
+ const ipfw_obj_ntlv *a, *b;
- a = (ipfw_obj_ntlv *)_a;
- b = (ipfw_obj_ntlv *)_b;
+ a = (const ipfw_obj_ntlv *)_a;
+ b = (const ipfw_obj_ntlv *)_b;
if (a->set < b->set)
return (-1);
@@ -5178,11 +5185,11 @@ struct object_kt {
static int
compare_object_kntlv(const void *k, const void *v)
{
- ipfw_obj_ntlv *ntlv;
+ const ipfw_obj_ntlv *ntlv;
struct object_kt key;
- key = *((struct object_kt *)k);
- ntlv = (ipfw_obj_ntlv *)v;
+ key = *((const struct object_kt *)k);
+ ntlv = (const ipfw_obj_ntlv *)v;
if (key.uidx < ntlv->idx)
return (-1);
@@ -5318,14 +5325,14 @@ ipfw_add(char *av[])
if (do_get3(IP_FW_XADD, op3, &sz) != 0)
err(EX_UNAVAILABLE, "getsockopt(%s)", "IP_FW_XADD");
- if (!co.do_quiet) {
+ if (!g_co.do_quiet) {
struct format_opts sfo;
struct buf_pr bp;
memset(&sfo, 0, sizeof(sfo));
sfo.tstate = tstate;
sfo.set_mask = (uint32_t)(-1);
bp_alloc(&bp, 4096);
- show_static_rule(&co, &sfo, &bp, rule, NULL);
+ show_static_rule(&g_co, &sfo, &bp, rule, NULL);
printf("%s", bp.buf);
bp_free(&bp);
}
@@ -5361,7 +5368,7 @@ ipfw_zero(int ac, char *av[], int optname)
rt.flags = IPFW_RCFLAG_ALL;
if (do_range_cmd(optname, &rt) < 0)
err(EX_UNAVAILABLE, "setsockopt(IP_FW_X%s)", name);
- if (!co.do_quiet)
+ if (!g_co.do_quiet)
printf("%s.\n", optname == IP_FW_XZERO ?
"Accounting cleared":"Logging counts reset");
@@ -5379,8 +5386,8 @@ ipfw_zero(int ac, char *av[], int optname)
rt.start_rule = arg;
rt.end_rule = arg;
rt.flags |= IPFW_RCFLAG_RANGE;
- if (co.use_set != 0) {
- rt.set = co.use_set - 1;
+ if (g_co.use_set != 0) {
+ rt.set = g_co.use_set - 1;
rt.flags |= IPFW_RCFLAG_SET;
}
if (do_range_cmd(optname, &rt) != 0) {
@@ -5390,7 +5397,7 @@ ipfw_zero(int ac, char *av[], int optname)
} else if (rt.new_set == 0) {
printf("Entry %d not found\n", arg);
failed = EX_UNAVAILABLE;
- } else if (!co.do_quiet)
+ } else if (!g_co.do_quiet)
printf("Entry %d %s.\n", arg,
optname == IP_FW_XZERO ?
"cleared" : "logging count reset");
@@ -5408,7 +5415,7 @@ ipfw_flush(int force)
{
ipfw_range_tlv rt;
- if (!force && !co.do_quiet) { /* need to ask user */
+ if (!force && !g_co.do_quiet) { /* need to ask user */
int c;
printf("Are you sure? [yn] ");
@@ -5423,21 +5430,21 @@ ipfw_flush(int force)
if (c == 'N') /* user said no */
return;
}
- if (co.do_pipe) {
+ if (g_co.do_pipe) {
dummynet_flush();
return;
}
/* `ipfw set N flush` - is the same that `ipfw delete set N` */
memset(&rt, 0, sizeof(rt));
- if (co.use_set != 0) {
- rt.set = co.use_set - 1;
+ if (g_co.use_set != 0) {
+ rt.set = g_co.use_set - 1;
rt.flags = IPFW_RCFLAG_SET;
} else
rt.flags = IPFW_RCFLAG_ALL;
if (do_range_cmd(IP_FW_XDEL, &rt) != 0)
err(EX_UNAVAILABLE, "setsockopt(IP_FW_XDEL)");
- if (!co.do_quiet)
- printf("Flushed all %s.\n", co.do_pipe ? "pipes" : "rules");
+ if (!g_co.do_quiet)
+ printf("Flushed all %s.\n", g_co.do_pipe ? "pipes" : "rules");
}
static struct _s_x intcmds[] = {
@@ -5473,13 +5480,13 @@ lookup_eaction_name(ipfw_obj_ntlv *ntlv, int cnt, uint16_t type)
}
static void
-ipfw_list_objects(int ac, char *av[])
+ipfw_list_objects(int ac __unused, char *av[] __unused)
{
ipfw_obj_lheader req, *olh;
ipfw_obj_ntlv *ntlv;
const char *name;
size_t sz;
- int i;
+ uint32_t i;
memset(&req, 0, sizeof(req));
sz = sizeof(req);
@@ -5577,10 +5584,10 @@ ipfw_get_tracked_ifaces(ipfw_obj_lheader **polh)
static int
ifinfo_cmp(const void *a, const void *b)
{
- ipfw_iface_info *ia, *ib;
+ const ipfw_iface_info *ia, *ib;
- ia = (ipfw_iface_info *)a;
- ib = (ipfw_iface_info *)b;
+ ia = (const ipfw_iface_info *)a;
+ ib = (const ipfw_iface_info *)b;
return (stringnum_cmp(ia->ifname, ib->ifname));
}
@@ -5591,11 +5598,12 @@ ifinfo_cmp(const void *a, const void *b)
* Returns 0 on success.
*/
static void
-ipfw_list_tifaces()
+ipfw_list_tifaces(void)
{
ipfw_obj_lheader *olh;
ipfw_iface_info *info;
- int i, error;
+ uint32_t i;
+ int error;
if ((error = ipfw_get_tracked_ifaces(&olh)) != 0)
err(EX_OSERR, "Unable to request ipfw tracked interface list");
diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h
index 4540ab16b9bf..106d74cb15b4 100644
--- a/sbin/ipfw/ipfw2.h
+++ b/sbin/ipfw/ipfw2.h
@@ -51,7 +51,7 @@ struct cmdline_opts {
int do_sort; /* field to sort results (0 = no) */
/* valid fields are 1 and above */
- int use_set; /* work with specified set number */
+ uint32_t use_set; /* work with specified set number */
/* 0 means all sets, otherwise apply to set use_set - 1 */
};
@@ -62,7 +62,7 @@ enum {
TIMESTAMP_NUMERIC,
};
-extern struct cmdline_opts co;
+extern struct cmdline_opts g_co;
/*
* _s_x is a structure that stores a string <-> token pairs, used in
@@ -331,7 +331,7 @@ struct buf_pr {
int pr_u64(struct buf_pr *bp, uint64_t *pd, int width);
int bp_alloc(struct buf_pr *b, size_t size);
void bp_free(struct buf_pr *b);
-int bprintf(struct buf_pr *b, char *format, ...);
+int bprintf(struct buf_pr *b, const char *format, ...);
/* memory allocation support */
@@ -349,7 +349,7 @@ int match_token_relaxed(struct _s_x *table, const char *string);
int get_token(struct _s_x *table, const char *string, const char *errbase);
char const *match_value(struct _s_x *p, int value);
size_t concat_tokens(char *buf, size_t bufsize, struct _s_x *table,
- char *delimiter);
+ const char *delimiter);
int fill_flags(struct _s_x *flags, char *p, char **e, uint32_t *set,
uint32_t *clear);
void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set);
@@ -361,7 +361,7 @@ int do_get3(int optname, struct _ip_fw3_opheader *op3, size_t *optlen);
struct in6_addr;
void n2mask(struct in6_addr *mask, int n);
-int contigmask(uint8_t *p, int len);
+int contigmask(const uint8_t *p, int len);
/*
* Forward declarations to avoid include way too many headers.
@@ -409,7 +409,7 @@ int ipfw_check_nat64prefix(const struct in6_addr *prefix, int length);
/* altq.c */
void altq_set_enabled(int enabled);
u_int32_t altq_name_to_qid(const char *name);
-void print_altq_cmd(struct buf_pr *bp, struct _ipfw_insn_altq *altqptr);
+void print_altq_cmd(struct buf_pr *bp, const struct _ipfw_insn_altq *altqptr);
#else
#define NO_ALTQ
#endif
@@ -421,10 +421,10 @@ int ipfw_delete_pipe(int pipe_or_queue, int n);
/* ipv6.c */
void print_unreach6_code(struct buf_pr *bp, uint16_t code);
-void print_ip6(struct buf_pr *bp, struct _ipfw_insn_ip6 *cmd);
-void print_flow6id(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
-void print_icmp6types(struct buf_pr *bp, struct _ipfw_insn_u32 *cmd);
-void print_ext6hdr(struct buf_pr *bp, struct _ipfw_insn *cmd );
+void print_ip6(struct buf_pr *bp, const struct _ipfw_insn_ip6 *cmd);
+void print_flow6id(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
+void print_icmp6types(struct buf_pr *bp, const struct _ipfw_insn_u32 *cmd);
+void print_ext6hdr(struct buf_pr *bp, const struct _ipfw_insn *cmd);
struct tidx;
struct _ipfw_insn *add_srcip6(struct _ipfw_insn *cmd, char *av, int cblen,
diff --git a/sbin/ipfw/ipv6.c b/sbin/ipfw/ipv6.c
index a9259b65a6fa..eea313572f34 100644
--- a/sbin/ipfw/ipv6.c
+++ b/sbin/ipfw/ipv6.c
@@ -85,14 +85,14 @@ print_unreach6_code(struct buf_pr *bp, uint16_t code)
* Print the ip address contained in a command.
*/
void
-print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
+print_ip6(struct buf_pr *bp, const ipfw_insn_ip6 *cmd)
{
char trad[255];
struct hostent *he = NULL;
- struct in6_addr *a = &(cmd->addr6);
+ const struct in6_addr *a = &(cmd->addr6);
int len, mb;
- len = F_LEN((ipfw_insn *) cmd) - 1;
+ len = F_LEN((const ipfw_insn *)cmd) - 1;
if (cmd->o.opcode == O_IP6_SRC_ME || cmd->o.opcode == O_IP6_DST_ME) {
bprintf(bp, " me6");
return;
@@ -112,10 +112,11 @@ print_ip6(struct buf_pr *bp, ipfw_insn_ip6 *cmd)
/* mask length */
mb = (cmd->o.opcode == O_IP6_SRC ||
cmd->o.opcode == O_IP6_DST) ? 128:
- contigmask((uint8_t *)&(a[1]), 128);
+ contigmask((const uint8_t *)&(a[1]), 128);
- if (mb == 128 && co.do_resolv)
- he = gethostbyaddr((char *)a, sizeof(*a), AF_INET6);
+ if (mb == 128 && g_co.do_resolv)
+ he = gethostbyaddr((const char *)a, sizeof(*a),
+ AF_INET6);
if (he != NULL) /* resolved to name */
bprintf(bp, "%s", he->h_name);
@@ -142,7 +143,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cblen)
{
uint8_t type;
- CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_icmp6));
+ CHECK_LENGTH(cblen, (int)F_INSN_SIZE(ipfw_insn_icmp6));
memset(cmd, 0, sizeof(*cmd));
while (*av) {
if (*av == ',')
@@ -165,7 +166,7 @@ fill_icmp6types(ipfw_insn_icmp6 *cmd, char *av, int cblen)
}
void
-print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_icmp6types(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
int i, j;
char sep= ' ';
@@ -181,7 +182,7 @@ print_icmp6types(struct buf_pr *bp, ipfw_insn_u32 *cmd)
}
void
-print_flow6id(struct buf_pr *bp, ipfw_insn_u32 *cmd)
+print_flow6id(struct buf_pr *bp, const ipfw_insn_u32 *cmd)
{
uint16_t i, limit = cmd->o.arg1;
char sep = ',';
@@ -257,7 +258,7 @@ fill_ext6hdr( ipfw_insn *cmd, char *av)
}
void
-print_ext6hdr(struct buf_pr *bp, ipfw_insn *cmd )
+print_ext6hdr(struct buf_pr *bp, const ipfw_insn *cmd )
{
char sep = ' ';
@@ -364,7 +365,8 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen, struct tidx *tstate)
int masklen;
char md = '\0';
- CHECK_LENGTH(cblen, 1 + len + 2 * F_INSN_SIZE(struct in6_addr));
+ CHECK_LENGTH(cblen,
+ 1 + len + 2 * (int)F_INSN_SIZE(struct in6_addr));
if ((q = strchr(av, ',')) ) {
*q = '\0';
@@ -453,7 +455,8 @@ fill_flow6( ipfw_insn_u32 *cmd, char *av, int cblen)
cmd->d[0] = 0; /* Initializing the base number*/
while (s) {
- CHECK_LENGTH(cblen, F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
+ CHECK_LENGTH(cblen,
+ (int)F_INSN_SIZE(ipfw_insn_u32) + nflow + 1);
av = strsep( &s, ",") ;
type = strtoul(av, &av, 0);
diff --git a/sbin/ipfw/main.c b/sbin/ipfw/main.c
index 9688952ec39c..dc55d0bfa416 100644
--- a/sbin/ipfw/main.c
+++ b/sbin/ipfw/main.c
@@ -226,8 +226,8 @@ ipfw_main(int oldac, char **oldav)
av[ac] = NULL;
/* Set the force flag for non-interactive processes */
- if (!co.do_force)
- co.do_force = !isatty(STDIN_FILENO);
+ if (!g_co.do_force)
+ g_co.do_force = !isatty(STDIN_FILENO);
#ifdef EMULATE_SYSCTL /* sysctl emulation */
if ( ac >= 2 && !strcmp(av[1], "sysctl")) {
@@ -269,20 +269,20 @@ ipfw_main(int oldac, char **oldav)
break;
case 'b':
- co.comment_only = 1;
- co.do_compact = 1;
+ g_co.comment_only = 1;
+ g_co.do_compact = 1;
break;
case 'c':
- co.do_compact = 1;
+ g_co.do_compact = 1;
break;
case 'd':
- co.do_dynamic = 1;
+ g_co.do_dynamic = 1;
break;
case 'D':
- co.do_dynamic = 2;
+ g_co.do_dynamic = 2;
break;
case 'e':
@@ -290,7 +290,7 @@ ipfw_main(int oldac, char **oldav)
break;
case 'f':
- co.do_force = 1;
+ g_co.do_force = 1;
break;
case 'h': /* help */
@@ -299,15 +299,15 @@ ipfw_main(int oldac, char **oldav)
break; /* NOTREACHED */
case 'i':
- co.do_value_as_ip = 1;
+ g_co.do_value_as_ip = 1;
break;
case 'n':
- co.test_only = 1;
+ g_co.test_only = 1;
break;
case 'N':
- co.do_resolv = 1;
+ g_co.do_resolv = 1;
break;
case 'p':
@@ -316,27 +316,27 @@ ipfw_main(int oldac, char **oldav)
/* NOTREACHED */
case 'q':
- co.do_quiet = 1;
+ g_co.do_quiet = 1;
break;
case 's': /* sort */
- co.do_sort = atoi(optarg);
+ g_co.do_sort = atoi(optarg);
break;
case 'S':
- co.show_sets = 1;
+ g_co.show_sets = 1;
break;
case 't':
- co.do_time = TIMESTAMP_STRING;
+ g_co.do_time = TIMESTAMP_STRING;
break;
case 'T':
- co.do_time = TIMESTAMP_NUMERIC;
+ g_co.do_time = TIMESTAMP_NUMERIC;
break;
case 'v': /* verbose */
- co.verbose = 1;
+ g_co.verbose = 1;
break;
default:
@@ -363,31 +363,31 @@ ipfw_main(int oldac, char **oldav)
/*
* Optional: pipe, queue or nat.
*/
- co.do_nat = 0;
- co.do_pipe = 0;
- co.use_set = 0;
+ g_co.do_nat = 0;
+ g_co.do_pipe = 0;
+ g_co.use_set = 0;
if (!strncmp(*av, "nat", strlen(*av)))
- co.do_nat = 1;
- else if (!strncmp(*av, "pipe", strlen(*av)))
- co.do_pipe = 1;
+ g_co.do_nat = 1;
+ else if (!strncmp(*av, "pipe", strlen(*av)))
+ g_co.do_pipe = 1;
else if (_substrcmp(*av, "queue") == 0)
- co.do_pipe = 2;
+ g_co.do_pipe = 2;
else if (_substrcmp(*av, "flowset") == 0)
- co.do_pipe = 2;
+ g_co.do_pipe = 2;
else if (_substrcmp(*av, "sched") == 0)
- co.do_pipe = 3;
+ g_co.do_pipe = 3;
else if (!strncmp(*av, "set", strlen(*av))) {
if (ac > 1 && isdigit(av[1][0])) {
- co.use_set = strtonum(av[1], 0, resvd_set_number,
+ g_co.use_set = strtonum(av[1], 0, resvd_set_number,
&errstr);
if (errstr)
errx(EX_DATAERR,
"invalid set number %s\n", av[1]);
- ac -= 2; av += 2; co.use_set++;
+ ac -= 2; av += 2; g_co.use_set++;
}
}
- if (co.do_pipe || co.do_nat) {
+ if (g_co.do_pipe || g_co.do_nat) {
ac--;
av++;
}
@@ -398,21 +398,21 @@ ipfw_main(int oldac, char **oldav)
* but the code is easier to parse as 'nat|pipe config NN'
* so we swap the two arguments.
*/
- if ((co.do_pipe || co.do_nat) && ac > 1 && isdigit(*av[0])) {
+ if ((g_co.do_pipe || g_co.do_nat) && ac > 1 && isdigit(*av[0])) {
char *p = av[0];
av[0] = av[1];
av[1] = p;
}
- if (co.use_set == 0) {
+ if (g_co.use_set == 0) {
if (_substrcmp(*av, "add") == 0)
ipfw_add(av);
- else if (co.do_nat && _substrcmp(*av, "show") == 0)
+ else if (g_co.do_nat && _substrcmp(*av, "show") == 0)
ipfw_show_nat(ac, av);
- else if (co.do_pipe && _substrcmp(*av, "config") == 0)
+ else if (g_co.do_pipe && _substrcmp(*av, "config") == 0)
ipfw_config_pipe(ac, av);
- else if (co.do_nat && _substrcmp(*av, "config") == 0)
+ else if (g_co.do_nat && _substrcmp(*av, "config") == 0)
ipfw_config_nat(ac, av);
else if (_substrcmp(*av, "set") == 0)
ipfw_sets_handler(av);
@@ -426,7 +426,7 @@ ipfw_main(int oldac, char **oldav)
try_next = 1;
}
- if (co.use_set || try_next) {
+ if (g_co.use_set || try_next) {
if (_substrcmp(*av, "delete") == 0)
ipfw_delete(av);
else if (!strncmp(*av, "nat64clat", strlen(*av)))
@@ -438,7 +438,7 @@ ipfw_main(int oldac, char **oldav)
else if (!strncmp(*av, "nptv6", strlen(*av)))
ipfw_nptv6_handler(ac, av);
else if (_substrcmp(*av, "flush") == 0)
- ipfw_flush(co.do_force);
+ ipfw_flush(g_co.do_force);
else if (_substrcmp(*av, "zero") == 0)
ipfw_zero(ac, av, 0 /* IP_FW_ZERO */);
else if (_substrcmp(*av, "resetlog") == 0)
@@ -477,19 +477,19 @@ ipfw_readfile(int ac, char *av[])
while ((c = getopt(ac, av, "cfNnp:qS")) != -1) {
switch(c) {
case 'c':
- co.do_compact = 1;
+ g_co.do_compact = 1;
break;
case 'f':
- co.do_force = 1;
+ g_co.do_force = 1;
break;
case 'N':
- co.do_resolv = 1;
+ g_co.do_resolv = 1;
break;
case 'n':
- co.test_only = 1;
+ g_co.test_only = 1;
break;
case 'p':
@@ -518,11 +518,11 @@ ipfw_readfile(int ac, char *av[])
break;
case 'q':
- co.do_quiet = 1;
+ g_co.do_quiet = 1;
break;
case 'S':
- co.show_sets = 1;
+ g_co.show_sets = 1;
break;
default:
diff --git a/sbin/ipfw/nat.c b/sbin/ipfw/nat.c
index f0e190266b73..bbf5be666ea0 100644
--- a/sbin/ipfw/nat.c
+++ b/sbin/ipfw/nat.c
@@ -117,7 +117,7 @@ set_addr_dynamic(const char *ifn, struct nat44_cfg_nat *n)
ifm = (struct if_msghdr *)next;
next += ifm->ifm_msglen;
if (ifm->ifm_version != RTM_VERSION) {
- if (co.verbose)
+ if (g_co.verbose)
warnx("routing message version %d "
"not understood", ifm->ifm_version);
continue;
@@ -141,7 +141,7 @@ set_addr_dynamic(const char *ifn, struct nat44_cfg_nat *n)
ifam = (struct ifa_msghdr *)next;
next += ifam->ifam_msglen;
if (ifam->ifam_version != RTM_VERSION) {
- if (co.verbose)
+ if (g_co.verbose)
warnx("routing message version %d "
"not understood", ifam->ifam_version);
continue;
@@ -623,7 +623,7 @@ setup_redir_proto(char *buf, int *ac, char ***av)
}
static void
-nat_show_log(struct nat44_cfg_nat *n, void *arg)
+nat_show_log(struct nat44_cfg_nat *n, void *arg __unused)
{
char *buf;
@@ -633,13 +633,14 @@ nat_show_log(struct nat44_cfg_nat *n, void *arg)
}
static void
-nat_show_cfg(struct nat44_cfg_nat *n, void *arg)
+nat_show_cfg(struct nat44_cfg_nat *n, void *arg __unused)
{
- int i, cnt, off;
struct nat44_cfg_redir *t;
struct nat44_cfg_spool *s;
caddr_t buf;
struct protoent *p;
+ uint32_t cnt;
+ int i, off;
buf = (caddr_t)n;
off = sizeof(*n);
@@ -931,7 +932,7 @@ ipfw_config_nat(int ac, char **av)
if (i != 0)
err(1, "setsockopt(%s)", "IP_FW_NAT44_XCONFIG");
- if (!co.do_quiet) {
+ if (!g_co.do_quiet) {
/* After every modification, we show the resultant rule. */
int _ac = 3;
const char *_av[] = {"show", "config", id};
@@ -960,7 +961,7 @@ ipfw_delete_nat(int i)
nat_fill_ntlv(&oh.ntlv, i);
ret = do_set3(IP_FW_NAT44_DESTROY, &oh.opheader, sizeof(oh));
if (ret == -1) {
- if (!co.do_quiet)
+ if (!g_co.do_quiet)
warn("nat %u not available", i);
return (EX_UNAVAILABLE);
}
@@ -1012,10 +1013,10 @@ nat_show_data(struct nat44_cfg_nat *cfg, void *arg)
static int
natname_cmp(const void *a, const void *b)
{
- struct nat44_cfg_nat *ia, *ib;
+ const struct nat44_cfg_nat *ia, *ib;
- ia = (struct nat44_cfg_nat *)a;
- ib = (struct nat44_cfg_nat *)b;
+ ia = (const struct nat44_cfg_nat *)a;
+ ib = (const struct nat44_cfg_nat *)b;
return (stringnum_cmp(ia->name, ib->name));
}
@@ -1031,7 +1032,8 @@ nat_foreach(nat_cb_t *f, void *arg, int sort)
ipfw_obj_lheader *olh;
struct nat44_cfg_nat *cfg;
size_t sz;
- int i, error;
+ uint32_t i;
+ int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(struct nat44_cfg_nat);
@@ -1110,7 +1112,7 @@ ipfw_show_nat(int ac, char **av)
ac--;
av++;
- if (co.test_only)
+ if (g_co.test_only)
return;
/* Parse parameters. */
diff --git a/sbin/ipfw/nat64clat.c b/sbin/ipfw/nat64clat.c
index bf91f70d6f23..081d199bd59d 100644
--- a/sbin/ipfw/nat64clat.c
+++ b/sbin/ipfw/nat64clat.c
@@ -96,8 +96,8 @@ ipfw_nat64clat_handler(int ac, char *av[])
int tcmd;
uint8_t set;
- if (co.use_set != 0)
- set = co.use_set - 1;
+ if (g_co.use_set != 0)
+ set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@@ -389,7 +389,7 @@ nat64clat_stats(const char *name, uint8_t set)
if (nat64clat_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
- if (co.use_set != 0 || set != 0)
+ if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nat64clat %s\n", name);
@@ -438,10 +438,10 @@ nat64clat_show_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
- if (co.use_set != 0 || cfg->set != 0)
+ if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
inet_ntop(AF_INET6, &cfg->clat_prefix, clat_buf, sizeof(clat_buf));
@@ -457,10 +457,11 @@ nat64clat_show_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
}
static int
-nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
+nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name __unused,
+ uint8_t set)
{
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nat64clat_destroy(cfg->name, cfg->set);
@@ -475,10 +476,10 @@ nat64clat_destroy_cb(ipfw_nat64clat_cfg *cfg, const char *name, uint8_t set)
static int
nat64name_cmp(const void *a, const void *b)
{
- ipfw_nat64clat_cfg *ca, *cb;
+ const ipfw_nat64clat_cfg *ca, *cb;
- ca = (ipfw_nat64clat_cfg *)a;
- cb = (ipfw_nat64clat_cfg *)b;
+ ca = (const ipfw_nat64clat_cfg *)a;
+ cb = (const ipfw_nat64clat_cfg *)b;
if (ca->set > cb->set)
return (1);
@@ -500,7 +501,8 @@ nat64clat_foreach(nat64clat_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nat64clat_cfg *cfg;
size_t sz;
- int i, error;
+ uint32_t i;
+ int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(*cfg);
diff --git a/sbin/ipfw/nat64lsn.c b/sbin/ipfw/nat64lsn.c
index c3368d9e16ce..aaceefca5ff8 100644
--- a/sbin/ipfw/nat64lsn.c
+++ b/sbin/ipfw/nat64lsn.c
@@ -84,13 +84,15 @@ static uint64_t
nat64lsn_print_states(void *buf)
{
char s[INET6_ADDRSTRLEN], a[INET_ADDRSTRLEN], f[INET_ADDRSTRLEN];
- char sflags[4], *sf, *proto;
+ const char *proto;
+ char sflags[4], *sf;
ipfw_obj_header *oh;
ipfw_obj_data *od;
ipfw_nat64lsn_stg_v1 *stg;
ipfw_nat64lsn_state_v1 *ste;
uint64_t next_idx;
- int i, sz;
+ uint32_t i;
+ int sz;
oh = (ipfw_obj_header *)buf;
od = (ipfw_obj_data *)(oh + 1);
@@ -256,8 +258,8 @@ ipfw_nat64lsn_handler(int ac, char *av[])
int tcmd;
uint8_t set;
- if (co.use_set != 0)
- set = co.use_set - 1;
+ if (g_co.use_set != 0)
+ set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@@ -704,7 +706,7 @@ nat64lsn_stats(const char *name, uint8_t set)
if (nat64lsn_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
- if (co.use_set != 0 || set != 0)
+ if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nat64lsn %s\n", name);
printf("\t%ju packets translated from IPv6 to IPv4\n",
@@ -769,32 +771,32 @@ nat64lsn_show_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
- if (co.use_set != 0 || cfg->set != 0)
+ if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
inet_ntop(AF_INET, &cfg->prefix4, abuf, sizeof(abuf));
printf("nat64lsn %s prefix4 %s/%u", cfg->name, abuf, cfg->plen4);
inet_ntop(AF_INET6, &cfg->prefix6, abuf, sizeof(abuf));
printf(" prefix6 %s/%u", abuf, cfg->plen6);
- if (co.verbose || cfg->states_chunks > 1)
+ if (g_co.verbose || cfg->states_chunks > 1)
printf(" states_chunks %u", cfg->states_chunks);
- if (co.verbose || cfg->nh_delete_delay != NAT64LSN_HOST_AGE)
+ if (g_co.verbose || cfg->nh_delete_delay != NAT64LSN_HOST_AGE)
printf(" host_del_age %u", cfg->nh_delete_delay);
- if (co.verbose || cfg->pg_delete_delay != NAT64LSN_PG_AGE)
+ if (g_co.verbose || cfg->pg_delete_delay != NAT64LSN_PG_AGE)
printf(" pg_del_age %u", cfg->pg_delete_delay);
- if (co.verbose || cfg->st_syn_ttl != NAT64LSN_TCP_SYN_AGE)
+ if (g_co.verbose || cfg->st_syn_ttl != NAT64LSN_TCP_SYN_AGE)
printf(" tcp_syn_age %u", cfg->st_syn_ttl);
- if (co.verbose || cfg->st_close_ttl != NAT64LSN_TCP_FIN_AGE)
+ if (g_co.verbose || cfg->st_close_ttl != NAT64LSN_TCP_FIN_AGE)
printf(" tcp_close_age %u", cfg->st_close_ttl);
- if (co.verbose || cfg->st_estab_ttl != NAT64LSN_TCP_EST_AGE)
+ if (g_co.verbose || cfg->st_estab_ttl != NAT64LSN_TCP_EST_AGE)
printf(" tcp_est_age %u", cfg->st_estab_ttl);
- if (co.verbose || cfg->st_udp_ttl != NAT64LSN_UDP_AGE)
+ if (g_co.verbose || cfg->st_udp_ttl != NAT64LSN_UDP_AGE)
printf(" udp_age %u", cfg->st_udp_ttl);
- if (co.verbose || cfg->st_icmp_ttl != NAT64LSN_ICMP_AGE)
+ if (g_co.verbose || cfg->st_icmp_ttl != NAT64LSN_ICMP_AGE)
printf(" icmp_age %u", cfg->st_icmp_ttl);
- if (co.verbose || cfg->jmaxlen != NAT64LSN_JMAXLEN)
+ if (g_co.verbose || cfg->jmaxlen != NAT64LSN_JMAXLEN)
printf(" jmaxlen %u", cfg->jmaxlen);
if (cfg->flags & NAT64_LOG)
printf(" log");
@@ -805,10 +807,11 @@ nat64lsn_show_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
}
static int
-nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
+nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name __unused,
+ uint8_t set)
{
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nat64lsn_destroy(cfg->name, cfg->set);
@@ -823,10 +826,10 @@ nat64lsn_destroy_cb(ipfw_nat64lsn_cfg *cfg, const char *name, uint8_t set)
static int
nat64name_cmp(const void *a, const void *b)
{
- ipfw_nat64lsn_cfg *ca, *cb;
+ const ipfw_nat64lsn_cfg *ca, *cb;
- ca = (ipfw_nat64lsn_cfg *)a;
- cb = (ipfw_nat64lsn_cfg *)b;
+ ca = (const ipfw_nat64lsn_cfg *)a;
+ cb = (const ipfw_nat64lsn_cfg *)b;
if (ca->set > cb->set)
return (1);
@@ -848,7 +851,8 @@ nat64lsn_foreach(nat64lsn_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nat64lsn_cfg *cfg;
size_t sz;
- int i, error;
+ uint32_t i;
+ int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(ipfw_nat64lsn_cfg);
diff --git a/sbin/ipfw/nat64stl.c b/sbin/ipfw/nat64stl.c
index 658a2455cd5b..44e0cbafbf3e 100644
--- a/sbin/ipfw/nat64stl.c
+++ b/sbin/ipfw/nat64stl.c
@@ -128,8 +128,8 @@ ipfw_nat64stl_handler(int ac, char *av[])
int tcmd;
uint8_t set;
- if (co.use_set != 0)
- set = co.use_set - 1;
+ if (g_co.use_set != 0)
+ set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@@ -405,7 +405,7 @@ nat64stl_stats(const char *name, uint8_t set)
if (nat64stl_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
- if (co.use_set != 0 || set != 0)
+ if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nat64stl %s\n", name);
@@ -454,10 +454,10 @@ nat64stl_show_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
- if (co.use_set != 0 || cfg->set != 0)
+ if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
printf("nat64stl %s table4 %s table6 %s",
@@ -473,10 +473,11 @@ nat64stl_show_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
}
static int
-nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
+nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name __unused,
+ uint8_t set)
{
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nat64stl_destroy(cfg->name, cfg->set);
@@ -491,10 +492,10 @@ nat64stl_destroy_cb(ipfw_nat64stl_cfg *cfg, const char *name, uint8_t set)
static int
nat64name_cmp(const void *a, const void *b)
{
- ipfw_nat64stl_cfg *ca, *cb;
+ const ipfw_nat64stl_cfg *ca, *cb;
- ca = (ipfw_nat64stl_cfg *)a;
- cb = (ipfw_nat64stl_cfg *)b;
+ ca = (const ipfw_nat64stl_cfg *)a;
+ cb = (const ipfw_nat64stl_cfg *)b;
if (ca->set > cb->set)
return (1);
@@ -516,7 +517,8 @@ nat64stl_foreach(nat64stl_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nat64stl_cfg *cfg;
size_t sz;
- int i, error;
+ uint32_t i;
+ int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(*cfg);
diff --git a/sbin/ipfw/nptv6.c b/sbin/ipfw/nptv6.c
index a2f6a97ae2a7..f2ebbdb65185 100644
--- a/sbin/ipfw/nptv6.c
+++ b/sbin/ipfw/nptv6.c
@@ -89,8 +89,8 @@ ipfw_nptv6_handler(int ac, char *av[])
int tcmd;
uint8_t set;
- if (co.use_set != 0)
- set = co.use_set - 1;
+ if (g_co.use_set != 0)
+ set = g_co.use_set - 1;
else
set = 0;
ac--; av++;
@@ -193,7 +193,7 @@ nptv6_create(const char *name, uint8_t set, int ac, char *av[])
ipfw_nptv6_cfg *cfg;
ipfw_obj_lheader *olh;
int tcmd, flags, plen;
- char *p = "\0";
+ char *p;
plen = 0;
memset(buf, 0, sizeof(buf));
@@ -326,7 +326,7 @@ nptv6_stats(const char *name, uint8_t set)
if (nptv6_get_stats(name, set, &stats) != 0)
err(EX_OSERR, "Error retrieving stats");
- if (co.use_set != 0 || set != 0)
+ if (g_co.use_set != 0 || set != 0)
printf("set %u ", set);
printf("nptv6 %s\n", name);
printf("\t%ju packets translated (internal to external)\n",
@@ -360,10 +360,10 @@ nptv6_show_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
if (name != NULL && strcmp(cfg->name, name) != 0)
return (ESRCH);
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
- if (co.use_set != 0 || cfg->set != 0)
+ if (g_co.use_set != 0 || cfg->set != 0)
printf("set %u ", cfg->set);
inet_ntop(AF_INET6, &cfg->internal, abuf, sizeof(abuf));
printf("nptv6 %s int_prefix %s ", cfg->name, abuf);
@@ -378,10 +378,10 @@ nptv6_show_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
}
static int
-nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
+nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name __unused, uint8_t set)
{
- if (co.use_set != 0 && cfg->set != set)
+ if (g_co.use_set != 0 && cfg->set != set)
return (ESRCH);
nptv6_destroy(cfg->name, cfg->set);
@@ -396,10 +396,10 @@ nptv6_destroy_cb(ipfw_nptv6_cfg *cfg, const char *name, uint8_t set)
static int
nptv6name_cmp(const void *a, const void *b)
{
- ipfw_nptv6_cfg *ca, *cb;
+ const ipfw_nptv6_cfg *ca, *cb;
- ca = (ipfw_nptv6_cfg *)a;
- cb = (ipfw_nptv6_cfg *)b;
+ ca = (const ipfw_nptv6_cfg *)a;
+ cb = (const ipfw_nptv6_cfg *)b;
if (ca->set > cb->set)
return (1);
@@ -419,7 +419,8 @@ nptv6_foreach(nptv6_cb_t *f, const char *name, uint8_t set, int sort)
ipfw_obj_lheader *olh;
ipfw_nptv6_cfg *cfg;
size_t sz;
- int i, error;
+ uint32_t i;
+ int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(*cfg);
diff --git a/sbin/ipfw/tables.c b/sbin/ipfw/tables.c
index 4be24210d4f0..4fc9e632a591 100644
--- a/sbin/ipfw/tables.c
+++ b/sbin/ipfw/tables.c
@@ -159,8 +159,8 @@ ipfw_table_handler(int ac, char *av[])
memset(&oh, 0, sizeof(oh));
is_all = 0;
- if (co.use_set != 0)
- set = co.use_set - 1;
+ if (g_co.use_set != 0)
+ set = g_co.use_set - 1;
else
set = 0;
@@ -213,8 +213,8 @@ ipfw_table_handler(int ac, char *av[])
case TOK_DEL:
do_add = **av == 'a';
ac--; av++;
- table_modify_record(&oh, ac, av, do_add, co.do_quiet,
- co.do_quiet, atomic);
+ table_modify_record(&oh, ac, av, do_add, g_co.do_quiet,
+ g_co.do_quiet, atomic);
break;
case TOK_CREATE:
ac--; av++;
@@ -232,7 +232,7 @@ ipfw_table_handler(int ac, char *av[])
err(EX_OSERR, "failed to destroy table %s",
tablename);
/* ESRCH isn't fatal, warn if not quiet mode */
- if (co.do_quiet == 0)
+ if (g_co.do_quiet == 0)
warn("failed to destroy table %s", tablename);
} else {
error = tables_foreach(table_destroy_one, &oh, 1);
@@ -249,7 +249,7 @@ ipfw_table_handler(int ac, char *av[])
err(EX_OSERR, "failed to flush table %s info",
tablename);
/* ESRCH isn't fatal, warn if not quiet mode */
- if (co.do_quiet == 0)
+ if (g_co.do_quiet == 0)
warn("failed to flush table %s info",
tablename);
} else {
@@ -284,7 +284,6 @@ ipfw_table_handler(int ac, char *av[])
case TOK_LIST:
arg = is_all ? (void*)1 : NULL;
if (is_all == 0) {
- ipfw_xtable_info i;
if ((error = table_get_info(&oh, &i)) != 0)
err(EX_OSERR, "failed to request table info");
table_show_one(&i, arg);
@@ -341,7 +340,7 @@ static struct _s_x flowtypecmds[] = {
{ NULL, 0 }
};
-int
+static int
table_parse_type(uint8_t ttype, char *p, uint8_t *tflags)
{
uint32_t fset, fclear;
@@ -363,7 +362,7 @@ table_parse_type(uint8_t ttype, char *p, uint8_t *tflags)
return (0);
}
-void
+static void
table_print_type(char *tbuf, size_t size, uint8_t type, uint8_t tflags)
{
const char *tname;
@@ -614,7 +613,7 @@ table_destroy_one(ipfw_xtable_info *i, void *arg)
oh = (ipfw_obj_header *)arg;
table_fill_ntlv(&oh->ntlv, i->tablename, i->set, 1);
if (table_destroy(oh) != 0) {
- if (co.do_quiet == 0)
+ if (g_co.do_quiet == 0)
warn("failed to destroy table(%s) in set %u",
i->tablename, i->set);
return (-1);
@@ -723,7 +722,7 @@ struct ta_cldata {
* Print global/per-AF table @i algorithm info.
*/
static void
-table_show_tainfo(ipfw_xtable_info *i, struct ta_cldata *d,
+table_show_tainfo(ipfw_xtable_info *i __unused, struct ta_cldata *d,
const char *af, const char *taclass)
{
@@ -935,10 +934,10 @@ table_modify_record(ipfw_obj_header *oh, int ac, char *av[], int add,
{
ipfw_obj_tentry *ptent, tent, *tent_buf;
ipfw_xtable_info xi;
+ const char *etxt, *px, *texterr;
uint8_t type;
uint32_t vmask;
int cmd, count, error, i, ignored;
- char *texterr, *etxt, *px;
if (ac == 0)
errx(EX_USAGE, "address required");
@@ -1434,7 +1433,7 @@ tentry_fill_key(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *key,
error = 0;
if (error == 0) {
- if (co.test_only == 0) {
+ if (g_co.test_only == 0) {
/* Table found */
type = xi->type;
tflags = xi->tflags;
@@ -1494,16 +1493,17 @@ set_legacy_value(uint32_t val, ipfw_table_value *v)
}
static void
-tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
- uint8_t type, uint32_t vmask)
+tentry_fill_value(ipfw_obj_header *oh __unused, ipfw_obj_tentry *tent,
+ char *arg, uint8_t type __unused, uint32_t vmask)
{
struct addrinfo hints, *res;
+ struct in_addr ipaddr;
+ const char *etype;
+ char *comma, *e, *n, *p;
uint32_t a4, flag, val;
ipfw_table_value *v;
uint32_t i;
int dval;
- char *comma, *e, *etype, *n, *p;
- struct in_addr ipaddr;
v = &tent->v.value;
@@ -1535,7 +1535,7 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
n = arg;
etype = NULL;
- for (i = 1; i < (1 << 31); i *= 2) {
+ for (i = 1; i < (1u << 31); i *= 2) {
if ((flag = (vmask & i)) == 0)
continue;
vmask &= ~flag;
@@ -1649,10 +1649,10 @@ tentry_fill_value(ipfw_obj_header *oh, ipfw_obj_tentry *tent, char *arg,
static int
tablename_cmp(const void *a, const void *b)
{
- ipfw_xtable_info *ia, *ib;
+ const ipfw_xtable_info *ia, *ib;
- ia = (ipfw_xtable_info *)a;
- ib = (ipfw_xtable_info *)b;
+ ia = (const ipfw_xtable_info *)a;
+ ib = (const ipfw_xtable_info *)b;
return (stringnum_cmp(ia->tablename, ib->tablename));
}
@@ -1668,7 +1668,8 @@ tables_foreach(table_cb_t *f, void *arg, int sort)
ipfw_obj_lheader *olh;
ipfw_xtable_info *info;
size_t sz;
- int i, error;
+ uint32_t i;
+ int error;
/* Start with reasonable default */
sz = sizeof(*olh) + 16 * sizeof(ipfw_xtable_info);
@@ -1692,7 +1693,7 @@ tables_foreach(table_cb_t *f, void *arg, int sort)
info = (ipfw_xtable_info *)(olh + 1);
for (i = 0; i < olh->count; i++) {
- if (co.use_set == 0 || info->set == co.use_set - 1)
+ if (g_co.use_set == 0 || info->set == g_co.use_set - 1)
error = f(info, arg);
info = (ipfw_xtable_info *)((caddr_t)info +
olh->objsize);
@@ -1791,7 +1792,7 @@ table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
return;
}
- for (i = 1; i < (1 << 31); i *= 2) {
+ for (i = 1; i < (1u << 31); i *= 2) {
if ((flag = (vmask & i)) == 0)
continue;
l = 0;
@@ -1853,12 +1854,13 @@ table_show_value(char *buf, size_t bufsize, ipfw_table_value *v,
static void
table_show_entry(ipfw_xtable_info *i, ipfw_obj_tentry *tent)
{
- char *comma, tbuf[128], pval[128];
+ char tbuf[128], pval[128];
+ const char *comma;
void *paddr;
struct tflow_entry *tfe;
table_show_value(pval, sizeof(pval), &tent->v.value, i->vmask,
- co.do_value_as_ip);
+ g_co.do_value_as_ip);
switch (i->type) {
case IPFW_TABLE_ADDR:
@@ -1961,12 +1963,13 @@ table_do_get_vlist(ipfw_obj_lheader **polh)
}
void
-ipfw_list_ta(int ac, char *av[])
+ipfw_list_ta(int ac __unused, char *av[] __unused)
{
ipfw_obj_lheader *olh;
ipfw_ta_info *info;
- int error, i;
const char *atype;
+ uint32_t i;
+ int error;
error = table_do_get_algolist(&olh);
if (error != 0)
@@ -2006,13 +2009,13 @@ struct _table_value {
uint64_t refcnt; /* Number of references */
};
-int
+static int
compare_values(const void *_a, const void *_b)
{
- struct _table_value *a, *b;
+ const struct _table_value *a, *b;
- a = (struct _table_value *)_a;
- b = (struct _table_value *)_b;
+ a = (const struct _table_value *)_a;
+ b = (const struct _table_value *)_b;
if (a->spare1 < b->spare1)
return (-1);
@@ -2023,13 +2026,13 @@ compare_values(const void *_a, const void *_b)
}
void
-ipfw_list_values(int ac, char *av[])
+ipfw_list_values(int ac __unused, char *av[] __unused)
{
+ char buf[128];
ipfw_obj_lheader *olh;
struct _table_value *v;
- int error, i;
- uint32_t vmask;
- char buf[128];
+ uint32_t i, vmask;
+ int error;
error = table_do_get_vlist(&olh);
if (error != 0)