diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-06-26 01:51:59 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2010-02-15 10:59:29 -0500 |
| commit | d5d1baa15f5b05e9110403724d5dc72d6d541e04 (patch) | |
| tree | bdd4858e8a63c7aae1b65f44320dae2aa519b48e /net/ipv6 | |
| parent | 739674fb7febf116e7d647031fab16989a08a965 (diff) | |
netfilter: xtables: add const qualifiers
This should make it easier to remove redundant arguments later.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 88 |
1 files changed, 48 insertions, 40 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 3ff4fd50e96e..4185099c2943 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -208,7 +208,7 @@ ip6t_error(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 208 | 208 | ||
| 209 | /* Performance critical - called for every packet */ | 209 | /* Performance critical - called for every packet */ |
| 210 | static inline bool | 210 | static inline bool |
| 211 | do_match(struct ip6t_entry_match *m, const struct sk_buff *skb, | 211 | do_match(const struct ip6t_entry_match *m, const struct sk_buff *skb, |
| 212 | struct xt_match_param *par) | 212 | struct xt_match_param *par) |
| 213 | { | 213 | { |
| 214 | par->match = m->u.kernel.match; | 214 | par->match = m->u.kernel.match; |
| @@ -222,7 +222,7 @@ do_match(struct ip6t_entry_match *m, const struct sk_buff *skb, | |||
| 222 | } | 222 | } |
| 223 | 223 | ||
| 224 | static inline struct ip6t_entry * | 224 | static inline struct ip6t_entry * |
| 225 | get_entry(void *base, unsigned int offset) | 225 | get_entry(const void *base, unsigned int offset) |
| 226 | { | 226 | { |
| 227 | return (struct ip6t_entry *)(base + offset); | 227 | return (struct ip6t_entry *)(base + offset); |
| 228 | } | 228 | } |
| @@ -236,6 +236,12 @@ static inline bool unconditional(const struct ip6t_ip6 *ipv6) | |||
| 236 | return memcmp(ipv6, &uncond, sizeof(uncond)) == 0; | 236 | return memcmp(ipv6, &uncond, sizeof(uncond)) == 0; |
| 237 | } | 237 | } |
| 238 | 238 | ||
| 239 | static inline const struct ip6t_entry_target * | ||
| 240 | ip6t_get_target_c(const struct ip6t_entry *e) | ||
| 241 | { | ||
| 242 | return ip6t_get_target((struct ip6t_entry *)e); | ||
| 243 | } | ||
| 244 | |||
| 239 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 245 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
| 240 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 246 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
| 241 | /* This cries for unification! */ | 247 | /* This cries for unification! */ |
| @@ -271,11 +277,11 @@ static struct nf_loginfo trace_loginfo = { | |||
| 271 | 277 | ||
| 272 | /* Mildly perf critical (only if packet tracing is on) */ | 278 | /* Mildly perf critical (only if packet tracing is on) */ |
| 273 | static inline int | 279 | static inline int |
| 274 | get_chainname_rulenum(struct ip6t_entry *s, struct ip6t_entry *e, | 280 | get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e, |
| 275 | const char *hookname, const char **chainname, | 281 | const char *hookname, const char **chainname, |
| 276 | const char **comment, unsigned int *rulenum) | 282 | const char **comment, unsigned int *rulenum) |
| 277 | { | 283 | { |
| 278 | struct ip6t_standard_target *t = (void *)ip6t_get_target(s); | 284 | const struct ip6t_standard_target *t = (void *)ip6t_get_target_c(s); |
| 279 | 285 | ||
| 280 | if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { | 286 | if (strcmp(t->target.u.kernel.target->name, IP6T_ERROR_TARGET) == 0) { |
| 281 | /* Head of user chain: ERROR target with chainname */ | 287 | /* Head of user chain: ERROR target with chainname */ |
| @@ -301,15 +307,15 @@ get_chainname_rulenum(struct ip6t_entry *s, struct ip6t_entry *e, | |||
| 301 | return 0; | 307 | return 0; |
| 302 | } | 308 | } |
| 303 | 309 | ||
| 304 | static void trace_packet(struct sk_buff *skb, | 310 | static void trace_packet(const struct sk_buff *skb, |
| 305 | unsigned int hook, | 311 | unsigned int hook, |
| 306 | const struct net_device *in, | 312 | const struct net_device *in, |
| 307 | const struct net_device *out, | 313 | const struct net_device *out, |
| 308 | const char *tablename, | 314 | const char *tablename, |
| 309 | struct xt_table_info *private, | 315 | const struct xt_table_info *private, |
| 310 | struct ip6t_entry *e) | 316 | const struct ip6t_entry *e) |
| 311 | { | 317 | { |
| 312 | void *table_base; | 318 | const void *table_base; |
| 313 | const struct ip6t_entry *root; | 319 | const struct ip6t_entry *root; |
| 314 | const char *hookname, *chainname, *comment; | 320 | const char *hookname, *chainname, *comment; |
| 315 | unsigned int rulenum = 0; | 321 | unsigned int rulenum = 0; |
| @@ -352,9 +358,9 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 352 | /* Initializing verdict to NF_DROP keeps gcc happy. */ | 358 | /* Initializing verdict to NF_DROP keeps gcc happy. */ |
| 353 | unsigned int verdict = NF_DROP; | 359 | unsigned int verdict = NF_DROP; |
| 354 | const char *indev, *outdev; | 360 | const char *indev, *outdev; |
| 355 | void *table_base; | 361 | const void *table_base; |
| 356 | struct ip6t_entry *e, *back; | 362 | struct ip6t_entry *e, *back; |
| 357 | struct xt_table_info *private; | 363 | const struct xt_table_info *private; |
| 358 | struct xt_match_param mtpar; | 364 | struct xt_match_param mtpar; |
| 359 | struct xt_target_param tgpar; | 365 | struct xt_target_param tgpar; |
| 360 | 366 | ||
| @@ -385,7 +391,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 385 | back = get_entry(table_base, private->underflow[hook]); | 391 | back = get_entry(table_base, private->underflow[hook]); |
| 386 | 392 | ||
| 387 | do { | 393 | do { |
| 388 | struct ip6t_entry_target *t; | 394 | const struct ip6t_entry_target *t; |
| 389 | 395 | ||
| 390 | IP_NF_ASSERT(e); | 396 | IP_NF_ASSERT(e); |
| 391 | IP_NF_ASSERT(back); | 397 | IP_NF_ASSERT(back); |
| @@ -400,7 +406,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 400 | ntohs(ipv6_hdr(skb)->payload_len) + | 406 | ntohs(ipv6_hdr(skb)->payload_len) + |
| 401 | sizeof(struct ipv6hdr), 1); | 407 | sizeof(struct ipv6hdr), 1); |
| 402 | 408 | ||
| 403 | t = ip6t_get_target(e); | 409 | t = ip6t_get_target_c(e); |
| 404 | IP_NF_ASSERT(t->u.kernel.target); | 410 | IP_NF_ASSERT(t->u.kernel.target); |
| 405 | 411 | ||
| 406 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 412 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
| @@ -482,7 +488,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 482 | /* Figures out from what hook each rule can be called: returns 0 if | 488 | /* Figures out from what hook each rule can be called: returns 0 if |
| 483 | there are loops. Puts hook bitmask in comefrom. */ | 489 | there are loops. Puts hook bitmask in comefrom. */ |
| 484 | static int | 490 | static int |
| 485 | mark_source_chains(struct xt_table_info *newinfo, | 491 | mark_source_chains(const struct xt_table_info *newinfo, |
| 486 | unsigned int valid_hooks, void *entry0) | 492 | unsigned int valid_hooks, void *entry0) |
| 487 | { | 493 | { |
| 488 | unsigned int hook; | 494 | unsigned int hook; |
| @@ -500,8 +506,8 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 500 | e->counters.pcnt = pos; | 506 | e->counters.pcnt = pos; |
| 501 | 507 | ||
| 502 | for (;;) { | 508 | for (;;) { |
| 503 | struct ip6t_standard_target *t | 509 | const struct ip6t_standard_target *t |
| 504 | = (void *)ip6t_get_target(e); | 510 | = (void *)ip6t_get_target_c(e); |
| 505 | int visited = e->comefrom & (1 << hook); | 511 | int visited = e->comefrom & (1 << hook); |
| 506 | 512 | ||
| 507 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { | 513 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { |
| @@ -610,9 +616,9 @@ cleanup_match(struct ip6t_entry_match *m, struct net *net, unsigned int *i) | |||
| 610 | } | 616 | } |
| 611 | 617 | ||
| 612 | static int | 618 | static int |
| 613 | check_entry(struct ip6t_entry *e, const char *name) | 619 | check_entry(const struct ip6t_entry *e, const char *name) |
| 614 | { | 620 | { |
| 615 | struct ip6t_entry_target *t; | 621 | const struct ip6t_entry_target *t; |
| 616 | 622 | ||
| 617 | if (!ip6_checkentry(&e->ipv6)) { | 623 | if (!ip6_checkentry(&e->ipv6)) { |
| 618 | duprintf("ip_tables: ip check failed %p %s.\n", e, name); | 624 | duprintf("ip_tables: ip check failed %p %s.\n", e, name); |
| @@ -623,7 +629,7 @@ check_entry(struct ip6t_entry *e, const char *name) | |||
| 623 | e->next_offset) | 629 | e->next_offset) |
| 624 | return -EINVAL; | 630 | return -EINVAL; |
| 625 | 631 | ||
| 626 | t = ip6t_get_target(e); | 632 | t = ip6t_get_target_c(e); |
| 627 | if (e->target_offset + t->u.target_size > e->next_offset) | 633 | if (e->target_offset + t->u.target_size > e->next_offset) |
| 628 | return -EINVAL; | 634 | return -EINVAL; |
| 629 | 635 | ||
| @@ -750,14 +756,14 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, | |||
| 750 | return ret; | 756 | return ret; |
| 751 | } | 757 | } |
| 752 | 758 | ||
| 753 | static bool check_underflow(struct ip6t_entry *e) | 759 | static bool check_underflow(const struct ip6t_entry *e) |
| 754 | { | 760 | { |
| 755 | const struct ip6t_entry_target *t; | 761 | const struct ip6t_entry_target *t; |
| 756 | unsigned int verdict; | 762 | unsigned int verdict; |
| 757 | 763 | ||
| 758 | if (!unconditional(&e->ipv6)) | 764 | if (!unconditional(&e->ipv6)) |
| 759 | return false; | 765 | return false; |
| 760 | t = ip6t_get_target(e); | 766 | t = ip6t_get_target_c(e); |
| 761 | if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) | 767 | if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0) |
| 762 | return false; | 768 | return false; |
| 763 | verdict = ((struct ip6t_standard_target *)t)->verdict; | 769 | verdict = ((struct ip6t_standard_target *)t)->verdict; |
| @@ -768,8 +774,8 @@ static bool check_underflow(struct ip6t_entry *e) | |||
| 768 | static int | 774 | static int |
| 769 | check_entry_size_and_hooks(struct ip6t_entry *e, | 775 | check_entry_size_and_hooks(struct ip6t_entry *e, |
| 770 | struct xt_table_info *newinfo, | 776 | struct xt_table_info *newinfo, |
| 771 | unsigned char *base, | 777 | const unsigned char *base, |
| 772 | unsigned char *limit, | 778 | const unsigned char *limit, |
| 773 | const unsigned int *hook_entries, | 779 | const unsigned int *hook_entries, |
| 774 | const unsigned int *underflows, | 780 | const unsigned int *underflows, |
| 775 | unsigned int valid_hooks, | 781 | unsigned int valid_hooks, |
| @@ -984,11 +990,11 @@ get_counters(const struct xt_table_info *t, | |||
| 984 | local_bh_enable(); | 990 | local_bh_enable(); |
| 985 | } | 991 | } |
| 986 | 992 | ||
| 987 | static struct xt_counters *alloc_counters(struct xt_table *table) | 993 | static struct xt_counters *alloc_counters(const struct xt_table *table) |
| 988 | { | 994 | { |
| 989 | unsigned int countersize; | 995 | unsigned int countersize; |
| 990 | struct xt_counters *counters; | 996 | struct xt_counters *counters; |
| 991 | struct xt_table_info *private = table->private; | 997 | const struct xt_table_info *private = table->private; |
| 992 | 998 | ||
| 993 | /* We need atomic snapshot of counters: rest doesn't change | 999 | /* We need atomic snapshot of counters: rest doesn't change |
| 994 | (other than comefrom, which userspace doesn't care | 1000 | (other than comefrom, which userspace doesn't care |
| @@ -1006,11 +1012,11 @@ static struct xt_counters *alloc_counters(struct xt_table *table) | |||
| 1006 | 1012 | ||
| 1007 | static int | 1013 | static int |
| 1008 | copy_entries_to_user(unsigned int total_size, | 1014 | copy_entries_to_user(unsigned int total_size, |
| 1009 | struct xt_table *table, | 1015 | const struct xt_table *table, |
| 1010 | void __user *userptr) | 1016 | void __user *userptr) |
| 1011 | { | 1017 | { |
| 1012 | unsigned int off, num; | 1018 | unsigned int off, num; |
| 1013 | struct ip6t_entry *e; | 1019 | const struct ip6t_entry *e; |
| 1014 | struct xt_counters *counters; | 1020 | struct xt_counters *counters; |
| 1015 | const struct xt_table_info *private = table->private; | 1021 | const struct xt_table_info *private = table->private; |
| 1016 | int ret = 0; | 1022 | int ret = 0; |
| @@ -1062,7 +1068,7 @@ copy_entries_to_user(unsigned int total_size, | |||
| 1062 | } | 1068 | } |
| 1063 | } | 1069 | } |
| 1064 | 1070 | ||
| 1065 | t = ip6t_get_target(e); | 1071 | t = ip6t_get_target_c(e); |
| 1066 | if (copy_to_user(userptr + off + e->target_offset | 1072 | if (copy_to_user(userptr + off + e->target_offset |
| 1067 | + offsetof(struct ip6t_entry_target, | 1073 | + offsetof(struct ip6t_entry_target, |
| 1068 | u.user.name), | 1074 | u.user.name), |
| @@ -1098,24 +1104,24 @@ static int compat_standard_to_user(void __user *dst, const void *src) | |||
| 1098 | } | 1104 | } |
| 1099 | 1105 | ||
| 1100 | static inline int | 1106 | static inline int |
| 1101 | compat_calc_match(struct ip6t_entry_match *m, int *size) | 1107 | compat_calc_match(const struct ip6t_entry_match *m, int *size) |
| 1102 | { | 1108 | { |
| 1103 | *size += xt_compat_match_offset(m->u.kernel.match); | 1109 | *size += xt_compat_match_offset(m->u.kernel.match); |
| 1104 | return 0; | 1110 | return 0; |
| 1105 | } | 1111 | } |
| 1106 | 1112 | ||
| 1107 | static int compat_calc_entry(struct ip6t_entry *e, | 1113 | static int compat_calc_entry(const struct ip6t_entry *e, |
| 1108 | const struct xt_table_info *info, | 1114 | const struct xt_table_info *info, |
| 1109 | void *base, struct xt_table_info *newinfo) | 1115 | const void *base, struct xt_table_info *newinfo) |
| 1110 | { | 1116 | { |
| 1111 | struct ip6t_entry_target *t; | 1117 | const struct ip6t_entry_target *t; |
| 1112 | unsigned int entry_offset; | 1118 | unsigned int entry_offset; |
| 1113 | int off, i, ret; | 1119 | int off, i, ret; |
| 1114 | 1120 | ||
| 1115 | off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); | 1121 | off = sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry); |
| 1116 | entry_offset = (void *)e - base; | 1122 | entry_offset = (void *)e - base; |
| 1117 | IP6T_MATCH_ITERATE(e, compat_calc_match, &off); | 1123 | IP6T_MATCH_ITERATE(e, compat_calc_match, &off); |
| 1118 | t = ip6t_get_target(e); | 1124 | t = ip6t_get_target_c(e); |
| 1119 | off += xt_compat_target_offset(t->u.kernel.target); | 1125 | off += xt_compat_target_offset(t->u.kernel.target); |
| 1120 | newinfo->size -= off; | 1126 | newinfo->size -= off; |
| 1121 | ret = xt_compat_add_offset(AF_INET6, entry_offset, off); | 1127 | ret = xt_compat_add_offset(AF_INET6, entry_offset, off); |
| @@ -1151,7 +1157,8 @@ static int compat_table_info(const struct xt_table_info *info, | |||
| 1151 | } | 1157 | } |
| 1152 | #endif | 1158 | #endif |
| 1153 | 1159 | ||
| 1154 | static int get_info(struct net *net, void __user *user, int *len, int compat) | 1160 | static int get_info(struct net *net, void __user *user, |
| 1161 | const int *len, int compat) | ||
| 1155 | { | 1162 | { |
| 1156 | char name[IP6T_TABLE_MAXNAMELEN]; | 1163 | char name[IP6T_TABLE_MAXNAMELEN]; |
| 1157 | struct xt_table *t; | 1164 | struct xt_table *t; |
| @@ -1211,7 +1218,8 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) | |||
| 1211 | } | 1218 | } |
| 1212 | 1219 | ||
| 1213 | static int | 1220 | static int |
| 1214 | get_entries(struct net *net, struct ip6t_get_entries __user *uptr, int *len) | 1221 | get_entries(struct net *net, struct ip6t_get_entries __user *uptr, |
| 1222 | const int *len) | ||
| 1215 | { | 1223 | { |
| 1216 | int ret; | 1224 | int ret; |
| 1217 | struct ip6t_get_entries get; | 1225 | struct ip6t_get_entries get; |
| @@ -1322,7 +1330,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks, | |||
| 1322 | } | 1330 | } |
| 1323 | 1331 | ||
| 1324 | static int | 1332 | static int |
| 1325 | do_replace(struct net *net, void __user *user, unsigned int len) | 1333 | do_replace(struct net *net, const void __user *user, unsigned int len) |
| 1326 | { | 1334 | { |
| 1327 | int ret; | 1335 | int ret; |
| 1328 | struct ip6t_replace tmp; | 1336 | struct ip6t_replace tmp; |
| @@ -1383,7 +1391,7 @@ add_counter_to_entry(struct ip6t_entry *e, | |||
| 1383 | } | 1391 | } |
| 1384 | 1392 | ||
| 1385 | static int | 1393 | static int |
| 1386 | do_add_counters(struct net *net, void __user *user, unsigned int len, | 1394 | do_add_counters(struct net *net, const void __user *user, unsigned int len, |
| 1387 | int compat) | 1395 | int compat) |
| 1388 | { | 1396 | { |
| 1389 | unsigned int i, curcpu; | 1397 | unsigned int i, curcpu; |
| @@ -1582,10 +1590,10 @@ static int | |||
| 1582 | check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, | 1590 | check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e, |
| 1583 | struct xt_table_info *newinfo, | 1591 | struct xt_table_info *newinfo, |
| 1584 | unsigned int *size, | 1592 | unsigned int *size, |
| 1585 | unsigned char *base, | 1593 | const unsigned char *base, |
| 1586 | unsigned char *limit, | 1594 | const unsigned char *limit, |
| 1587 | unsigned int *hook_entries, | 1595 | const unsigned int *hook_entries, |
| 1588 | unsigned int *underflows, | 1596 | const unsigned int *underflows, |
| 1589 | unsigned int *i, | 1597 | unsigned int *i, |
| 1590 | const char *name) | 1598 | const char *name) |
| 1591 | { | 1599 | { |