Remove $FreeBSD$: two-line .h pattern

Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/

ipfw: use function return value to fetch insn argument.

This is a prerequsite for splitting compile_rule() into smaller
chunks.

MFC after: 2 weeks

ipfw(8): Fix most warnings with the default WARNS level.

- Add missing const and static qualifiers.
- Avoid shadowing the global "co" by renaming it to "g_co".
- Avoid mixing signedness in loop bound checks.
- Leave -Wcast-align warnings disabled for now.

Reviewed by: ae, melifaro
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D25456

ipfw(8): In fill_ip6(), use a single statement for both "me" and "me6".

Submitted by: Neel Chauhan <neel AT neelc DOT org>
Reviewed by: rgrimes, Lutz Donnerhacke
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24403

Explicitly initialize the memory buffer to store O_ICMP6TYPE opcode.

By default next_cmd() initializes only first u32 of opcode. O_ICMP6TYPE
opcode has array of bit masks to store corresponding ICMPv6 types.
An opcode that precedes O_ICMP6TYPE, e.g. O_IP6_DST, can have variable
length and during opcode filling it can modify memory that will be used
by O_ICMP6TYPE opcode. Without explicit initialization this leads to
creation of wrong opcode.

Reported by: Boris N. Lytochkin
Obtained from: Yandex LLC
MFC after: 3 days

Make multiline APPLY_MASK() macro to be function-like.

Reported by: cem
MFC after: 1 week

Do not print "ip6" keyword in print_icmp6types() for O_ICMP6TYPE opcode.

It produces incompatibility when rules listing is used again to
restore saved ruleset, because "ip6" keyword produces separate opcode.
The kernel already has the check and only IPv6 packets will be checked
for matching.

PR: 232939
MFC after: 3 days

Do not use bzero() for the O_ICMP6TYPE opcode.

The buffer is already zeroed in compile_rule() function, and also it
may contain configured F_NOT flag in o.len field. This fixes the filling
for "not icmp6types" opcode.

PR: 232939
MFC after: 3 days

Fix indenting in ipv6.c file, use tabs instead of mixing tabs and spaces.

MFC after: 1 week

Remove printing of "not" keyword from print_ip6() function.

After r331668 handling of F_NOT flag done in one place by
print_instruction() function. Also remove unused argument from
print_ip[6]() functions.

MFC after: 1 week

Revert r327005 - SPDX tags for license similar to BSD-2-Clause.

After consultation with SPDX experts and their matching guidelines[1],
the licensing doesn't exactly match the BSD-2-Clause. It yet remains to be
determined if they are equivalent or if there is a recognized license that
matches but it is safer to just revert the tags.

Let this also be a reminder that on FreeBSD, SPDX tags are only advisory
and have no legal value (but IANAL).

Pointyhat to: pfg
Thanks to: Rodney Grimes, Gary O'Neall

[1] https://spdx.org/spdx-license-list/matching-guidelines

SPDX: These are fundamentally BSD-2-Clause.

They just omit the introductory line and numbering.

In fill_ip6(), the value of the pointer av changes before it is
free(3)ed. Thus, introduce a new variable to track the original
value.

Submitted by: Tom Rix
Differential Revision: https://reviews.freebsd.org/D9962

Add missing support of named lookup tables to the IPv6 code.

PR: 214419
MFC after: 1 week
Sponsored by: Yandex LLC

Add support for non-contiguous IPv6 masks in ipfw(8) rules.

For example fe::640:0:0/ffff::ffff:ffff:0:0 will match
addresses fe:*:*:*:0:640:*:*

Submitted by: Eugene Mamchits <mamchits at yandex-team dot ru>
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC

sbin: minor spelling fixes.

No functional change.

Fix output formatting of O_UNREACH6 opcode.

Obtained from: Yandex LLC

Merge buffer-printing changes from from projects/ipfw as preparation
for branch merge.

Requested by: luigi

Move one step further towards libipfw: convert show_static_rule() to
bpprint-output style, so one can now output human-readable rule
representation to preallocated buffer.

Implement buffer size checking in ipfw(8) add cmd.

PR: bin/65961
Submitted by: Eugene Grosbein <eugen@grosbein.pp.ru>
MFC after: 2 weeks

Whitespace fixes

MFC after: 2 weeks

Permit table to be used as IPv6 address.

Reported by: Serhiy Popov <sergiuspso@ukr.net>
MFC after: 2 weeks

Whitespace fixes.

Checked with: md5, diff -w

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Put nat and ipv6 support in their own files.

Usual moving of code with no changes from ipfw2.c to the
newly created files, and addition of prototypes to ipfw2.h

I have added forward declarations for ipfw_insn_* in ipfw2.h
to avoid a global dependency on ip_fw.h