diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2006-09-28 17:22:02 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-28 21:03:01 -0400 |
| commit | a76b11dd25957287af12ce6855be6d7fd415b3a9 (patch) | |
| tree | f85569f37e1c05d9b946e7df4b826d401dc1d593 | |
| parent | cdcb71bf964e02e0a22007f5d90ead7bede3b85b (diff) | |
[NETFILTER]: NAT annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_nat.h | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_core.c | 14 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_ftp.c | 10 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_helper.c | 37 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_helper_pptp.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_icmp.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_tcp.c | 10 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_udp.c | 10 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_rule.c | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_sip.c | 8 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_snmp_basic.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_standalone.c | 2 |
12 files changed, 51 insertions, 54 deletions
diff --git a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h index 98f8407e4cb5..bdf553620ca1 100644 --- a/include/linux/netfilter_ipv4/ip_nat.h +++ b/include/linux/netfilter_ipv4/ip_nat.h | |||
| @@ -33,7 +33,7 @@ struct ip_nat_range | |||
| 33 | unsigned int flags; | 33 | unsigned int flags; |
| 34 | 34 | ||
| 35 | /* Inclusive: network order. */ | 35 | /* Inclusive: network order. */ |
| 36 | u_int32_t min_ip, max_ip; | 36 | __be32 min_ip, max_ip; |
| 37 | 37 | ||
| 38 | /* Inclusive: network order */ | 38 | /* Inclusive: network order */ |
| 39 | union ip_conntrack_manip_proto min, max; | 39 | union ip_conntrack_manip_proto min, max; |
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 71f3e09cbc84..4b6260a97408 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c | |||
| @@ -82,7 +82,7 @@ static inline unsigned int | |||
| 82 | hash_by_src(const struct ip_conntrack_tuple *tuple) | 82 | hash_by_src(const struct ip_conntrack_tuple *tuple) |
| 83 | { | 83 | { |
| 84 | /* Original src, to ensure we map it consistently if poss. */ | 84 | /* Original src, to ensure we map it consistently if poss. */ |
| 85 | return jhash_3words(tuple->src.ip, tuple->src.u.all, | 85 | return jhash_3words((__force u32)tuple->src.ip, tuple->src.u.all, |
| 86 | tuple->dst.protonum, 0) % ip_nat_htable_size; | 86 | tuple->dst.protonum, 0) % ip_nat_htable_size; |
| 87 | } | 87 | } |
| 88 | 88 | ||
| @@ -190,7 +190,7 @@ find_best_ips_proto(struct ip_conntrack_tuple *tuple, | |||
| 190 | const struct ip_conntrack *conntrack, | 190 | const struct ip_conntrack *conntrack, |
| 191 | enum ip_nat_manip_type maniptype) | 191 | enum ip_nat_manip_type maniptype) |
| 192 | { | 192 | { |
| 193 | u_int32_t *var_ipp; | 193 | __be32 *var_ipp; |
| 194 | /* Host order */ | 194 | /* Host order */ |
| 195 | u_int32_t minip, maxip, j; | 195 | u_int32_t minip, maxip, j; |
| 196 | 196 | ||
| @@ -217,7 +217,7 @@ find_best_ips_proto(struct ip_conntrack_tuple *tuple, | |||
| 217 | * like this), even across reboots. */ | 217 | * like this), even across reboots. */ |
| 218 | minip = ntohl(range->min_ip); | 218 | minip = ntohl(range->min_ip); |
| 219 | maxip = ntohl(range->max_ip); | 219 | maxip = ntohl(range->max_ip); |
| 220 | j = jhash_2words(tuple->src.ip, tuple->dst.ip, 0); | 220 | j = jhash_2words((__force u32)tuple->src.ip, (__force u32)tuple->dst.ip, 0); |
| 221 | *var_ipp = htonl(minip + j % (maxip - minip + 1)); | 221 | *var_ipp = htonl(minip + j % (maxip - minip + 1)); |
| 222 | } | 222 | } |
| 223 | 223 | ||
| @@ -534,9 +534,9 @@ int | |||
| 534 | ip_nat_port_range_to_nfattr(struct sk_buff *skb, | 534 | ip_nat_port_range_to_nfattr(struct sk_buff *skb, |
| 535 | const struct ip_nat_range *range) | 535 | const struct ip_nat_range *range) |
| 536 | { | 536 | { |
| 537 | NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(u_int16_t), | 537 | NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(__be16), |
| 538 | &range->min.tcp.port); | 538 | &range->min.tcp.port); |
| 539 | NFA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(u_int16_t), | 539 | NFA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(__be16), |
| 540 | &range->max.tcp.port); | 540 | &range->max.tcp.port); |
| 541 | 541 | ||
| 542 | return 0; | 542 | return 0; |
| @@ -555,7 +555,7 @@ ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range) | |||
| 555 | if (tb[CTA_PROTONAT_PORT_MIN-1]) { | 555 | if (tb[CTA_PROTONAT_PORT_MIN-1]) { |
| 556 | ret = 1; | 556 | ret = 1; |
| 557 | range->min.tcp.port = | 557 | range->min.tcp.port = |
| 558 | *(u_int16_t *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]); | 558 | *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]); |
| 559 | } | 559 | } |
| 560 | 560 | ||
| 561 | if (!tb[CTA_PROTONAT_PORT_MAX-1]) { | 561 | if (!tb[CTA_PROTONAT_PORT_MAX-1]) { |
| @@ -564,7 +564,7 @@ ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range) | |||
| 564 | } else { | 564 | } else { |
| 565 | ret = 1; | 565 | ret = 1; |
| 566 | range->max.tcp.port = | 566 | range->max.tcp.port = |
| 567 | *(u_int16_t *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]); | 567 | *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]); |
| 568 | } | 568 | } |
| 569 | 569 | ||
| 570 | return ret; | 570 | return ret; |
diff --git a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c index 3328fc5c5f50..a71c233d8112 100644 --- a/net/ipv4/netfilter/ip_nat_ftp.c +++ b/net/ipv4/netfilter/ip_nat_ftp.c | |||
| @@ -34,7 +34,7 @@ MODULE_DESCRIPTION("ftp NAT helper"); | |||
| 34 | 34 | ||
| 35 | static int | 35 | static int |
| 36 | mangle_rfc959_packet(struct sk_buff **pskb, | 36 | mangle_rfc959_packet(struct sk_buff **pskb, |
| 37 | u_int32_t newip, | 37 | __be32 newip, |
| 38 | u_int16_t port, | 38 | u_int16_t port, |
| 39 | unsigned int matchoff, | 39 | unsigned int matchoff, |
| 40 | unsigned int matchlen, | 40 | unsigned int matchlen, |
| @@ -57,7 +57,7 @@ mangle_rfc959_packet(struct sk_buff **pskb, | |||
| 57 | /* |1|132.235.1.2|6275| */ | 57 | /* |1|132.235.1.2|6275| */ |
| 58 | static int | 58 | static int |
| 59 | mangle_eprt_packet(struct sk_buff **pskb, | 59 | mangle_eprt_packet(struct sk_buff **pskb, |
| 60 | u_int32_t newip, | 60 | __be32 newip, |
| 61 | u_int16_t port, | 61 | u_int16_t port, |
| 62 | unsigned int matchoff, | 62 | unsigned int matchoff, |
| 63 | unsigned int matchlen, | 63 | unsigned int matchlen, |
| @@ -79,7 +79,7 @@ mangle_eprt_packet(struct sk_buff **pskb, | |||
| 79 | /* |1|132.235.1.2|6275| */ | 79 | /* |1|132.235.1.2|6275| */ |
| 80 | static int | 80 | static int |
| 81 | mangle_epsv_packet(struct sk_buff **pskb, | 81 | mangle_epsv_packet(struct sk_buff **pskb, |
| 82 | u_int32_t newip, | 82 | __be32 newip, |
| 83 | u_int16_t port, | 83 | u_int16_t port, |
| 84 | unsigned int matchoff, | 84 | unsigned int matchoff, |
| 85 | unsigned int matchlen, | 85 | unsigned int matchlen, |
| @@ -98,7 +98,7 @@ mangle_epsv_packet(struct sk_buff **pskb, | |||
| 98 | matchlen, buffer, strlen(buffer)); | 98 | matchlen, buffer, strlen(buffer)); |
| 99 | } | 99 | } |
| 100 | 100 | ||
| 101 | static int (*mangle[])(struct sk_buff **, u_int32_t, u_int16_t, | 101 | static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, |
| 102 | unsigned int, | 102 | unsigned int, |
| 103 | unsigned int, | 103 | unsigned int, |
| 104 | struct ip_conntrack *, | 104 | struct ip_conntrack *, |
| @@ -120,7 +120,7 @@ static unsigned int ip_nat_ftp(struct sk_buff **pskb, | |||
| 120 | struct ip_conntrack_expect *exp, | 120 | struct ip_conntrack_expect *exp, |
| 121 | u32 *seq) | 121 | u32 *seq) |
| 122 | { | 122 | { |
| 123 | u_int32_t newip; | 123 | __be32 newip; |
| 124 | u_int16_t port; | 124 | u_int16_t port; |
| 125 | int dir = CTINFO2DIR(ctinfo); | 125 | int dir = CTINFO2DIR(ctinfo); |
| 126 | struct ip_conntrack *ct = exp->master; | 126 | struct ip_conntrack *ct = exp->master; |
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c index e9c5187ea5b2..3bf858480558 100644 --- a/net/ipv4/netfilter/ip_nat_helper.c +++ b/net/ipv4/netfilter/ip_nat_helper.c | |||
| @@ -189,7 +189,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
| 189 | datalen, 0)); | 189 | datalen, 0)); |
| 190 | } else | 190 | } else |
| 191 | tcph->check = nf_proto_csum_update(*pskb, | 191 | tcph->check = nf_proto_csum_update(*pskb, |
| 192 | htons(oldlen) ^ 0xFFFF, | 192 | htons(oldlen) ^ htons(0xFFFF), |
| 193 | htons(datalen), | 193 | htons(datalen), |
| 194 | tcph->check, 1); | 194 | tcph->check, 1); |
| 195 | 195 | ||
| @@ -267,7 +267,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
| 267 | udph->check = -1; | 267 | udph->check = -1; |
| 268 | } else | 268 | } else |
| 269 | udph->check = nf_proto_csum_update(*pskb, | 269 | udph->check = nf_proto_csum_update(*pskb, |
| 270 | htons(oldlen) ^ 0xFFFF, | 270 | htons(oldlen) ^ htons(0xFFFF), |
| 271 | htons(datalen), | 271 | htons(datalen), |
| 272 | udph->check, 1); | 272 | udph->check, 1); |
| 273 | return 1; | 273 | return 1; |
| @@ -284,26 +284,24 @@ sack_adjust(struct sk_buff *skb, | |||
| 284 | { | 284 | { |
| 285 | while (sackoff < sackend) { | 285 | while (sackoff < sackend) { |
| 286 | struct tcp_sack_block_wire *sack; | 286 | struct tcp_sack_block_wire *sack; |
| 287 | u_int32_t new_start_seq, new_end_seq; | 287 | __be32 new_start_seq, new_end_seq; |
| 288 | 288 | ||
| 289 | sack = (void *)skb->data + sackoff; | 289 | sack = (void *)skb->data + sackoff; |
| 290 | if (after(ntohl(sack->start_seq) - natseq->offset_before, | 290 | if (after(ntohl(sack->start_seq) - natseq->offset_before, |
| 291 | natseq->correction_pos)) | 291 | natseq->correction_pos)) |
| 292 | new_start_seq = ntohl(sack->start_seq) | 292 | new_start_seq = htonl(ntohl(sack->start_seq) |
| 293 | - natseq->offset_after; | 293 | - natseq->offset_after); |
| 294 | else | 294 | else |
| 295 | new_start_seq = ntohl(sack->start_seq) | 295 | new_start_seq = htonl(ntohl(sack->start_seq) |
| 296 | - natseq->offset_before; | 296 | - natseq->offset_before); |
| 297 | new_start_seq = htonl(new_start_seq); | ||
| 298 | 297 | ||
| 299 | if (after(ntohl(sack->end_seq) - natseq->offset_before, | 298 | if (after(ntohl(sack->end_seq) - natseq->offset_before, |
| 300 | natseq->correction_pos)) | 299 | natseq->correction_pos)) |
| 301 | new_end_seq = ntohl(sack->end_seq) | 300 | new_end_seq = htonl(ntohl(sack->end_seq) |
| 302 | - natseq->offset_after; | 301 | - natseq->offset_after); |
| 303 | else | 302 | else |
| 304 | new_end_seq = ntohl(sack->end_seq) | 303 | new_end_seq = htonl(ntohl(sack->end_seq) |
| 305 | - natseq->offset_before; | 304 | - natseq->offset_before); |
| 306 | new_end_seq = htonl(new_end_seq); | ||
| 307 | 305 | ||
| 308 | DEBUGP("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n", | 306 | DEBUGP("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n", |
| 309 | ntohl(sack->start_seq), new_start_seq, | 307 | ntohl(sack->start_seq), new_start_seq, |
| @@ -375,7 +373,8 @@ ip_nat_seq_adjust(struct sk_buff **pskb, | |||
| 375 | enum ip_conntrack_info ctinfo) | 373 | enum ip_conntrack_info ctinfo) |
| 376 | { | 374 | { |
| 377 | struct tcphdr *tcph; | 375 | struct tcphdr *tcph; |
| 378 | int dir, newseq, newack; | 376 | int dir; |
| 377 | __be32 newseq, newack; | ||
| 379 | struct ip_nat_seq *this_way, *other_way; | 378 | struct ip_nat_seq *this_way, *other_way; |
| 380 | 379 | ||
| 381 | dir = CTINFO2DIR(ctinfo); | 380 | dir = CTINFO2DIR(ctinfo); |
| @@ -388,17 +387,15 @@ ip_nat_seq_adjust(struct sk_buff **pskb, | |||
| 388 | 387 | ||
| 389 | tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 388 | tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; |
| 390 | if (after(ntohl(tcph->seq), this_way->correction_pos)) | 389 | if (after(ntohl(tcph->seq), this_way->correction_pos)) |
| 391 | newseq = ntohl(tcph->seq) + this_way->offset_after; | 390 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); |
| 392 | else | 391 | else |
| 393 | newseq = ntohl(tcph->seq) + this_way->offset_before; | 392 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_before); |
| 394 | newseq = htonl(newseq); | ||
| 395 | 393 | ||
| 396 | if (after(ntohl(tcph->ack_seq) - other_way->offset_before, | 394 | if (after(ntohl(tcph->ack_seq) - other_way->offset_before, |
| 397 | other_way->correction_pos)) | 395 | other_way->correction_pos)) |
| 398 | newack = ntohl(tcph->ack_seq) - other_way->offset_after; | 396 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after); |
| 399 | else | 397 | else |
| 400 | newack = ntohl(tcph->ack_seq) - other_way->offset_before; | 398 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); |
| 401 | newack = htonl(newack); | ||
| 402 | 399 | ||
| 403 | tcph->check = nf_proto_csum_update(*pskb, ~tcph->seq, newseq, | 400 | tcph->check = nf_proto_csum_update(*pskb, ~tcph->seq, newseq, |
| 404 | tcph->check, 0); | 401 | tcph->check, 0); |
diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c index 2ff578807123..329fdcd7d702 100644 --- a/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c | |||
| @@ -51,7 +51,7 @@ | |||
| 51 | 51 | ||
| 52 | #define IP_NAT_PPTP_VERSION "3.0" | 52 | #define IP_NAT_PPTP_VERSION "3.0" |
| 53 | 53 | ||
| 54 | #define REQ_CID(req, off) (*(u_int16_t *)((char *)(req) + (off))) | 54 | #define REQ_CID(req, off) (*(__be16 *)((char *)(req) + (off))) |
| 55 | 55 | ||
| 56 | MODULE_LICENSE("GPL"); | 56 | MODULE_LICENSE("GPL"); |
| 57 | MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); | 57 | MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); |
diff --git a/net/ipv4/netfilter/ip_nat_proto_icmp.c b/net/ipv4/netfilter/ip_nat_proto_icmp.c index ec50cc295317..3f6efc13ac74 100644 --- a/net/ipv4/netfilter/ip_nat_proto_icmp.c +++ b/net/ipv4/netfilter/ip_nat_proto_icmp.c | |||
| @@ -67,7 +67,7 @@ icmp_manip_pkt(struct sk_buff **pskb, | |||
| 67 | 67 | ||
| 68 | hdr = (struct icmphdr *)((*pskb)->data + hdroff); | 68 | hdr = (struct icmphdr *)((*pskb)->data + hdroff); |
| 69 | hdr->checksum = nf_proto_csum_update(*pskb, | 69 | hdr->checksum = nf_proto_csum_update(*pskb, |
| 70 | hdr->un.echo.id ^ 0xFFFF, | 70 | hdr->un.echo.id ^ htons(0xFFFF), |
| 71 | tuple->src.u.icmp.id, | 71 | tuple->src.u.icmp.id, |
| 72 | hdr->checksum, 0); | 72 | hdr->checksum, 0); |
| 73 | hdr->un.echo.id = tuple->src.u.icmp.id; | 73 | hdr->un.echo.id = tuple->src.u.icmp.id; |
diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c index 72a6307bd2db..12deb13b93b1 100644 --- a/net/ipv4/netfilter/ip_nat_proto_tcp.c +++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c | |||
| @@ -24,7 +24,7 @@ tcp_in_range(const struct ip_conntrack_tuple *tuple, | |||
| 24 | const union ip_conntrack_manip_proto *min, | 24 | const union ip_conntrack_manip_proto *min, |
| 25 | const union ip_conntrack_manip_proto *max) | 25 | const union ip_conntrack_manip_proto *max) |
| 26 | { | 26 | { |
| 27 | u_int16_t port; | 27 | __be16 port; |
| 28 | 28 | ||
| 29 | if (maniptype == IP_NAT_MANIP_SRC) | 29 | if (maniptype == IP_NAT_MANIP_SRC) |
| 30 | port = tuple->src.u.tcp.port; | 30 | port = tuple->src.u.tcp.port; |
| @@ -42,7 +42,7 @@ tcp_unique_tuple(struct ip_conntrack_tuple *tuple, | |||
| 42 | const struct ip_conntrack *conntrack) | 42 | const struct ip_conntrack *conntrack) |
| 43 | { | 43 | { |
| 44 | static u_int16_t port; | 44 | static u_int16_t port; |
| 45 | u_int16_t *portptr; | 45 | __be16 *portptr; |
| 46 | unsigned int range_size, min, i; | 46 | unsigned int range_size, min, i; |
| 47 | 47 | ||
| 48 | if (maniptype == IP_NAT_MANIP_SRC) | 48 | if (maniptype == IP_NAT_MANIP_SRC) |
| @@ -93,8 +93,8 @@ tcp_manip_pkt(struct sk_buff **pskb, | |||
| 93 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 93 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); |
| 94 | struct tcphdr *hdr; | 94 | struct tcphdr *hdr; |
| 95 | unsigned int hdroff = iphdroff + iph->ihl*4; | 95 | unsigned int hdroff = iphdroff + iph->ihl*4; |
| 96 | u32 oldip, newip; | 96 | __be32 oldip, newip; |
| 97 | u16 *portptr, newport, oldport; | 97 | __be16 *portptr, newport, oldport; |
| 98 | int hdrsize = 8; /* TCP connection tracking guarantees this much */ | 98 | int hdrsize = 8; /* TCP connection tracking guarantees this much */ |
| 99 | 99 | ||
| 100 | /* this could be a inner header returned in icmp packet; in such | 100 | /* this could be a inner header returned in icmp packet; in such |
| @@ -130,7 +130,7 @@ tcp_manip_pkt(struct sk_buff **pskb, | |||
| 130 | return 1; | 130 | return 1; |
| 131 | 131 | ||
| 132 | hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip, hdr->check, 1); | 132 | hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip, hdr->check, 1); |
| 133 | hdr->check = nf_proto_csum_update(*pskb, oldport ^ 0xFFFF, newport, | 133 | hdr->check = nf_proto_csum_update(*pskb, oldport ^ htons(0xFFFF), newport, |
| 134 | hdr->check, 0); | 134 | hdr->check, 0); |
| 135 | return 1; | 135 | return 1; |
| 136 | } | 136 | } |
diff --git a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c index 5da196ae758c..4bbec7730d18 100644 --- a/net/ipv4/netfilter/ip_nat_proto_udp.c +++ b/net/ipv4/netfilter/ip_nat_proto_udp.c | |||
| @@ -24,7 +24,7 @@ udp_in_range(const struct ip_conntrack_tuple *tuple, | |||
| 24 | const union ip_conntrack_manip_proto *min, | 24 | const union ip_conntrack_manip_proto *min, |
| 25 | const union ip_conntrack_manip_proto *max) | 25 | const union ip_conntrack_manip_proto *max) |
| 26 | { | 26 | { |
| 27 | u_int16_t port; | 27 | __be16 port; |
| 28 | 28 | ||
| 29 | if (maniptype == IP_NAT_MANIP_SRC) | 29 | if (maniptype == IP_NAT_MANIP_SRC) |
| 30 | port = tuple->src.u.udp.port; | 30 | port = tuple->src.u.udp.port; |
| @@ -42,7 +42,7 @@ udp_unique_tuple(struct ip_conntrack_tuple *tuple, | |||
| 42 | const struct ip_conntrack *conntrack) | 42 | const struct ip_conntrack *conntrack) |
| 43 | { | 43 | { |
| 44 | static u_int16_t port; | 44 | static u_int16_t port; |
| 45 | u_int16_t *portptr; | 45 | __be16 *portptr; |
| 46 | unsigned int range_size, min, i; | 46 | unsigned int range_size, min, i; |
| 47 | 47 | ||
| 48 | if (maniptype == IP_NAT_MANIP_SRC) | 48 | if (maniptype == IP_NAT_MANIP_SRC) |
| @@ -91,8 +91,8 @@ udp_manip_pkt(struct sk_buff **pskb, | |||
| 91 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 91 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); |
| 92 | struct udphdr *hdr; | 92 | struct udphdr *hdr; |
| 93 | unsigned int hdroff = iphdroff + iph->ihl*4; | 93 | unsigned int hdroff = iphdroff + iph->ihl*4; |
| 94 | u32 oldip, newip; | 94 | __be32 oldip, newip; |
| 95 | u16 *portptr, newport; | 95 | __be16 *portptr, newport; |
| 96 | 96 | ||
| 97 | if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) | 97 | if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) |
| 98 | return 0; | 98 | return 0; |
| @@ -118,7 +118,7 @@ udp_manip_pkt(struct sk_buff **pskb, | |||
| 118 | hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip, | 118 | hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip, |
| 119 | hdr->check, 1); | 119 | hdr->check, 1); |
| 120 | hdr->check = nf_proto_csum_update(*pskb, | 120 | hdr->check = nf_proto_csum_update(*pskb, |
| 121 | *portptr ^ 0xFFFF, newport, | 121 | *portptr ^ htons(0xFFFF), newport, |
| 122 | hdr->check, 0); | 122 | hdr->check, 0); |
| 123 | if (!hdr->check) | 123 | if (!hdr->check) |
| 124 | hdr->check = -1; | 124 | hdr->check = -1; |
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c index 7b703839aa58..a176aa3031e0 100644 --- a/net/ipv4/netfilter/ip_nat_rule.c +++ b/net/ipv4/netfilter/ip_nat_rule.c | |||
| @@ -119,7 +119,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb, | |||
| 119 | } | 119 | } |
| 120 | 120 | ||
| 121 | /* Before 2.6.11 we did implicit source NAT if required. Warn about change. */ | 121 | /* Before 2.6.11 we did implicit source NAT if required. Warn about change. */ |
| 122 | static void warn_if_extra_mangle(u32 dstip, u32 srcip) | 122 | static void warn_if_extra_mangle(__be32 dstip, __be32 srcip) |
| 123 | { | 123 | { |
| 124 | static int warned = 0; | 124 | static int warned = 0; |
| 125 | struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } }; | 125 | struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } }; |
| @@ -205,7 +205,7 @@ alloc_null_binding(struct ip_conntrack *conntrack, | |||
| 205 | per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED). | 205 | per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED). |
| 206 | Use reply in case it's already been mangled (eg local packet). | 206 | Use reply in case it's already been mangled (eg local packet). |
| 207 | */ | 207 | */ |
| 208 | u_int32_t ip | 208 | __be32 ip |
| 209 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC | 209 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC |
| 210 | ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip | 210 | ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip |
| 211 | : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip); | 211 | : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip); |
| @@ -222,7 +222,7 @@ alloc_null_binding_confirmed(struct ip_conntrack *conntrack, | |||
| 222 | struct ip_nat_info *info, | 222 | struct ip_nat_info *info, |
| 223 | unsigned int hooknum) | 223 | unsigned int hooknum) |
| 224 | { | 224 | { |
| 225 | u_int32_t ip | 225 | __be32 ip |
| 226 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC | 226 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC |
| 227 | ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip | 227 | ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip |
| 228 | : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip); | 228 | : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip); |
diff --git a/net/ipv4/netfilter/ip_nat_sip.c b/net/ipv4/netfilter/ip_nat_sip.c index 6ffba63adca2..71fc2730a007 100644 --- a/net/ipv4/netfilter/ip_nat_sip.c +++ b/net/ipv4/netfilter/ip_nat_sip.c | |||
| @@ -60,8 +60,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, | |||
| 60 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 60 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
| 61 | char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")]; | 61 | char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")]; |
| 62 | unsigned int bufflen, dataoff; | 62 | unsigned int bufflen, dataoff; |
| 63 | u_int32_t ip; | 63 | __be32 ip; |
| 64 | u_int16_t port; | 64 | __be16 port; |
| 65 | 65 | ||
| 66 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 66 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); |
| 67 | 67 | ||
| @@ -159,7 +159,7 @@ static int mangle_content_len(struct sk_buff **pskb, | |||
| 159 | static unsigned int mangle_sdp(struct sk_buff **pskb, | 159 | static unsigned int mangle_sdp(struct sk_buff **pskb, |
| 160 | enum ip_conntrack_info ctinfo, | 160 | enum ip_conntrack_info ctinfo, |
| 161 | struct ip_conntrack *ct, | 161 | struct ip_conntrack *ct, |
| 162 | u_int32_t newip, u_int16_t port, | 162 | __be32 newip, u_int16_t port, |
| 163 | const char *dptr) | 163 | const char *dptr) |
| 164 | { | 164 | { |
| 165 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; | 165 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; |
| @@ -195,7 +195,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb, | |||
| 195 | { | 195 | { |
| 196 | struct ip_conntrack *ct = exp->master; | 196 | struct ip_conntrack *ct = exp->master; |
| 197 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 197 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
| 198 | u_int32_t newip; | 198 | __be32 newip; |
| 199 | u_int16_t port; | 199 | u_int16_t port; |
| 200 | 200 | ||
| 201 | DEBUGP("ip_nat_sdp():\n"); | 201 | DEBUGP("ip_nat_sdp():\n"); |
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c index 18b7fbdccb61..168f45fa1898 100644 --- a/net/ipv4/netfilter/ip_nat_snmp_basic.c +++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c | |||
| @@ -1211,7 +1211,7 @@ static int snmp_translate(struct ip_conntrack *ct, | |||
| 1211 | struct sk_buff **pskb) | 1211 | struct sk_buff **pskb) |
| 1212 | { | 1212 | { |
| 1213 | struct iphdr *iph = (*pskb)->nh.iph; | 1213 | struct iphdr *iph = (*pskb)->nh.iph; |
| 1214 | struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); | 1214 | struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); |
| 1215 | u_int16_t udplen = ntohs(udph->len); | 1215 | u_int16_t udplen = ntohs(udph->len); |
| 1216 | u_int16_t paylen = udplen - sizeof(struct udphdr); | 1216 | u_int16_t paylen = udplen - sizeof(struct udphdr); |
| 1217 | int dir = CTINFO2DIR(ctinfo); | 1217 | int dir = CTINFO2DIR(ctinfo); |
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 9c577db62047..021395b67463 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c | |||
| @@ -191,7 +191,7 @@ ip_nat_in(unsigned int hooknum, | |||
| 191 | int (*okfn)(struct sk_buff *)) | 191 | int (*okfn)(struct sk_buff *)) |
| 192 | { | 192 | { |
| 193 | unsigned int ret; | 193 | unsigned int ret; |
| 194 | u_int32_t daddr = (*pskb)->nh.iph->daddr; | 194 | __be32 daddr = (*pskb)->nh.iph->daddr; |
| 195 | 195 | ||
| 196 | ret = ip_nat_fn(hooknum, pskb, in, out, okfn); | 196 | ret = ip_nat_fn(hooknum, pskb, in, out, okfn); |
| 197 | if (ret != NF_DROP && ret != NF_STOLEN | 197 | if (ret != NF_DROP && ret != NF_STOLEN |