Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

ipfw: Remove set but unused variables.

Reported by: GCC
Differential Revision: https://reviews.freebsd.org/D40654

Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port aliasing ranges.

Reviewed by: donner, kp
Approved by: 0mp (mentor), donner, kp
Differential Revision: https://reviews.freebsd.org/D23450

ipfw(8): Fix most warnings with the default WARNS level.

- Add missing const and static qualifiers.
- Avoid shadowing the global "co" by renaming it to "g_co".
- Avoid mixing signedness in loop bound checks.
- Leave -Wcast-align warnings disabled for now.

Reviewed by: ae, melifaro
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D25456

Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
NAT instance.

The NAT44 group of opcodes for IP_FW3 socket option is modern way
to control NAT instances and this method can be used in future to
switch from numeric to named NAT instances, like was done for ipfw
tables.
The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control
plane that doesn't support versioned operations. This interface will
be retired soon.

Reviewed by: melifaro
MFC after: 10 days
Sponsored by: Yandex LLC

ipfw nat: add missing bits after r357092 (RFC 6598/Carrier Grade NAT)

Submitted by: Neel Chauhan <neel AT neelc DOT org>
Reviewed by: Lutz Donnerhacke
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D23448

Add support for RFC 6598/Carrier Grade NAT subnets. to libalias and ipfw.

In libalias, a new flag PKT_ALIAS_UNREGISTERED_RFC6598 is added.
This is like PKT_ALIAS_UNREGISTERED_ONLY, but also is RFC 6598 aware.
Also, we add a new NAT option to ipfw called unreg_cgn, which is like
unreg_only, but also is RFC 6598-aware. The reason for the new
flags/options is to avoid breaking existing networks, especially those
which rely on RFC 6598 as an external address.

Submitted by: Neel Chauhan <neel AT neelc DOT org>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D22877

Revert r327005 - SPDX tags for license similar to BSD-2-Clause.

After consultation with SPDX experts and their matching guidelines[1],
the licensing doesn't exactly match the BSD-2-Clause. It yet remains to be
determined if they are equivalent or if there is a recognized license that
matches but it is safer to just revert the tags.

Let this also be a reminder that on FreeBSD, SPDX tags are only advisory
and have no legal value (but IANAL).

Pointyhat to: pfg
Thanks to: Rodney Grimes, Gary O'Neall

[1] https://spdx.org/spdx-license-list/matching-guidelines

SPDX: These are fundamentally BSD-2-Clause.

They just omit the introductory line and numbering.

Code cleanup unused-but-set-variable spotted by gcc.

Reviewed by: melifaro
Approved by: bapt (mentor)
Differential Revision: D3473

Fix use-after-free.

Reported by: Coverity Scan, pfg
CID: 1245747

natd(8) will work with an unconfigured interface and effectively not do
anything until the interface is assigned an address. This fixes
ipfw_nat to do the same by using an IP of INADDR_ANY instead of
aborting the nat setup if the requested interface is not yet configured.

Differential Revision: https://reviews.freebsd.org/D1539
Reviewed by: melifaro, glebius, gnn
MFC after: 1 week

Make ipfw_nat module use IP_FW3 codes.

Kernel changes:
* Split kernel/userland nat structures eliminating IPFW_INTERNAL hack.
* Add IP_FW_NAT44_* codes resemblin old ones.
* Assume that instances can be named (no kernel support currently).
* Use both UH+WLOCK locks for all configuration changes.
* Provide full ABI support for old sockopts.

Userland changes:
* Use IP_FW_NAT44_* codes for nat operations.
* Remove undocumented ability to show ranges of nat "log" entries.

Remove unused values

Fix some compile errors at high WARNS, including one
for an uninitialized variable.

unused parameters and variables are annotated with
(void)foo; /* UNUSED */
instead of __unused, because this code needs to build
also on linux and windows.

Fix parsing of redirect_addr argument.

PR: kern/162739
MFC after: 3 days

Actually, if code had followed style(9), there would be less stupid errors
like the one fixed in r223416.

Noticed by: julian

One more braino from me.

Pointy hat to: glebius
Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>

- Fix my braino in the 220835, when I used strtok(). It isn't
applicable here, since modifies the string. Switch to strchr().
- Restore support for undocumented optional parameters of
redir_port and redir_proto, that were disabled in 220835.
- While here, change !isalpha() checks on optinal parameters
for isdigit().

Submitted by: Alexander V. Chernikov <melifaro ipfw.ru>
PR: kern/143653

Implement "global" mode for ipfw nat. It is similar to natd(8)
"globalport" option for multiple NAT instances.

If ipfw rule contains "global" keyword instead of nat_number, then
for each outgoing packet ipfw_nat looks up translation state in all
configured nat instances. If an entry is found, packet aliased
according to that entry, otherwise packet is passed unchanged.

User can specify "skip_global" option in NAT configuration to exclude
an instance from the lookup in global mode.

PR: kern/157867
Submitted by: Alexander V. Chernikov (previous version)
Tested by: Eugene Grosbein

Check nat id a bit more strictly.

Rewrite NAT configuration parser, so that memory allocation size is
calculated dynamically.

PR: kern/143653

More whitespace fixes.

Checked with: md5, diff -x -w

Whitespace fixes.

Checked with: md5, diff -w

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

remove some signed/unsigned and one const/!const warning

Add SCTP NAT support.

Submitted by: CAIA (http://caia.swin.edu.au)

put the altq-related functions into a separate file.
Minor cleanup of the includes used by the various source files,
including annotations of why certain headers are used.

Put nat and ipv6 support in their own files.

Usual moving of code with no changes from ipfw2.c to the
newly created files, and addition of prototypes to ipfw2.h

I have added forward declarations for ipfw_insn_* in ipfw2.h
to avoid a global dependency on ip_fw.h