diff options
36 files changed, 136 insertions, 100 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index e82339a78c01..2de7ae0180aa 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -235,12 +235,13 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) | |||
235 | #endif | 235 | #endif |
236 | 236 | ||
237 | static inline u_int32_t | 237 | static inline u_int32_t |
238 | clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) | 238 | clusterip_hashfn(const struct sk_buff *skb, |
239 | const struct clusterip_config *config) | ||
239 | { | 240 | { |
240 | struct iphdr *iph = ip_hdr(skb); | 241 | const struct iphdr *iph = ip_hdr(skb); |
241 | unsigned long hashval; | 242 | unsigned long hashval; |
242 | u_int16_t sport, dport; | 243 | u_int16_t sport, dport; |
243 | u_int16_t *ports; | 244 | const u_int16_t *ports; |
244 | 245 | ||
245 | switch (iph->protocol) { | 246 | switch (iph->protocol) { |
246 | case IPPROTO_TCP: | 247 | case IPPROTO_TCP: |
@@ -249,7 +250,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) | |||
249 | case IPPROTO_SCTP: | 250 | case IPPROTO_SCTP: |
250 | case IPPROTO_DCCP: | 251 | case IPPROTO_DCCP: |
251 | case IPPROTO_ICMP: | 252 | case IPPROTO_ICMP: |
252 | ports = (void *)iph+iph->ihl*4; | 253 | ports = (const void *)iph+iph->ihl*4; |
253 | sport = ports[0]; | 254 | sport = ports[0]; |
254 | dport = ports[1]; | 255 | dport = ports[1]; |
255 | break; | 256 | break; |
@@ -289,7 +290,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) | |||
289 | } | 290 | } |
290 | 291 | ||
291 | static inline int | 292 | static inline int |
292 | clusterip_responsible(struct clusterip_config *config, u_int32_t hash) | 293 | clusterip_responsible(const struct clusterip_config *config, u_int32_t hash) |
293 | { | 294 | { |
294 | return test_bit(hash - 1, &config->local_nodes); | 295 | return test_bit(hash - 1, &config->local_nodes); |
295 | } | 296 | } |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index bbff6c352ef8..bcc43a625e72 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -41,7 +41,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
41 | const struct sk_buff *skb, | 41 | const struct sk_buff *skb, |
42 | unsigned int iphoff) | 42 | unsigned int iphoff) |
43 | { | 43 | { |
44 | struct iphdr _iph, *ih; | 44 | struct iphdr _iph; |
45 | const struct iphdr *ih; | ||
45 | unsigned int logflags; | 46 | unsigned int logflags; |
46 | 47 | ||
47 | if (info->type == NF_LOG_TYPE_LOG) | 48 | if (info->type == NF_LOG_TYPE_LOG) |
@@ -100,7 +101,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
100 | 101 | ||
101 | switch (ih->protocol) { | 102 | switch (ih->protocol) { |
102 | case IPPROTO_TCP: { | 103 | case IPPROTO_TCP: { |
103 | struct tcphdr _tcph, *th; | 104 | struct tcphdr _tcph; |
105 | const struct tcphdr *th; | ||
104 | 106 | ||
105 | /* Max length: 10 "PROTO=TCP " */ | 107 | /* Max length: 10 "PROTO=TCP " */ |
106 | printk("PROTO=TCP "); | 108 | printk("PROTO=TCP "); |
@@ -151,7 +153,7 @@ static void dump_packet(const struct nf_loginfo *info, | |||
151 | if ((logflags & IPT_LOG_TCPOPT) | 153 | if ((logflags & IPT_LOG_TCPOPT) |
152 | && th->doff * 4 > sizeof(struct tcphdr)) { | 154 | && th->doff * 4 > sizeof(struct tcphdr)) { |
153 | unsigned char _opt[4 * 15 - sizeof(struct tcphdr)]; | 155 | unsigned char _opt[4 * 15 - sizeof(struct tcphdr)]; |
154 | unsigned char *op; | 156 | const unsigned char *op; |
155 | unsigned int i, optsize; | 157 | unsigned int i, optsize; |
156 | 158 | ||
157 | optsize = th->doff * 4 - sizeof(struct tcphdr); | 159 | optsize = th->doff * 4 - sizeof(struct tcphdr); |
@@ -173,7 +175,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
173 | } | 175 | } |
174 | case IPPROTO_UDP: | 176 | case IPPROTO_UDP: |
175 | case IPPROTO_UDPLITE: { | 177 | case IPPROTO_UDPLITE: { |
176 | struct udphdr _udph, *uh; | 178 | struct udphdr _udph; |
179 | const struct udphdr *uh; | ||
177 | 180 | ||
178 | if (ih->protocol == IPPROTO_UDP) | 181 | if (ih->protocol == IPPROTO_UDP) |
179 | /* Max length: 10 "PROTO=UDP " */ | 182 | /* Max length: 10 "PROTO=UDP " */ |
@@ -200,7 +203,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
200 | break; | 203 | break; |
201 | } | 204 | } |
202 | case IPPROTO_ICMP: { | 205 | case IPPROTO_ICMP: { |
203 | struct icmphdr _icmph, *ich; | 206 | struct icmphdr _icmph; |
207 | const struct icmphdr *ich; | ||
204 | static const size_t required_len[NR_ICMP_TYPES+1] | 208 | static const size_t required_len[NR_ICMP_TYPES+1] |
205 | = { [ICMP_ECHOREPLY] = 4, | 209 | = { [ICMP_ECHOREPLY] = 4, |
206 | [ICMP_DEST_UNREACH] | 210 | [ICMP_DEST_UNREACH] |
@@ -285,7 +289,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
285 | } | 289 | } |
286 | /* Max Length */ | 290 | /* Max Length */ |
287 | case IPPROTO_AH: { | 291 | case IPPROTO_AH: { |
288 | struct ip_auth_hdr _ahdr, *ah; | 292 | struct ip_auth_hdr _ahdr; |
293 | const struct ip_auth_hdr *ah; | ||
289 | 294 | ||
290 | if (ntohs(ih->frag_off) & IP_OFFSET) | 295 | if (ntohs(ih->frag_off) & IP_OFFSET) |
291 | break; | 296 | break; |
@@ -307,7 +312,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
307 | break; | 312 | break; |
308 | } | 313 | } |
309 | case IPPROTO_ESP: { | 314 | case IPPROTO_ESP: { |
310 | struct ip_esp_hdr _esph, *eh; | 315 | struct ip_esp_hdr _esph; |
316 | const struct ip_esp_hdr *eh; | ||
311 | 317 | ||
312 | /* Max length: 10 "PROTO=ESP " */ | 318 | /* Max length: 10 "PROTO=ESP " */ |
313 | printk("PROTO=ESP "); | 319 | printk("PROTO=ESP "); |
@@ -385,11 +391,13 @@ ipt_log_packet(unsigned int pf, | |||
385 | out ? out->name : ""); | 391 | out ? out->name : ""); |
386 | #ifdef CONFIG_BRIDGE_NETFILTER | 392 | #ifdef CONFIG_BRIDGE_NETFILTER |
387 | if (skb->nf_bridge) { | 393 | if (skb->nf_bridge) { |
388 | struct net_device *physindev = skb->nf_bridge->physindev; | 394 | const struct net_device *physindev; |
389 | struct net_device *physoutdev = skb->nf_bridge->physoutdev; | 395 | const struct net_device *physoutdev; |
390 | 396 | ||
397 | physindev = skb->nf_bridge->physindev; | ||
391 | if (physindev && in != physindev) | 398 | if (physindev && in != physindev) |
392 | printk("PHYSIN=%s ", physindev->name); | 399 | printk("PHYSIN=%s ", physindev->name); |
400 | physoutdev = skb->nf_bridge->physoutdev; | ||
393 | if (physoutdev && out != physoutdev) | 401 | if (physoutdev && out != physoutdev) |
394 | printk("PHYSOUT=%s ", physoutdev->name); | 402 | printk("PHYSOUT=%s ", physoutdev->name); |
395 | } | 403 | } |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index b5b216408ee7..846a0e727218 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -70,7 +70,7 @@ masquerade_target(struct sk_buff **pskb, | |||
70 | enum ip_conntrack_info ctinfo; | 70 | enum ip_conntrack_info ctinfo; |
71 | struct nf_nat_range newrange; | 71 | struct nf_nat_range newrange; |
72 | const struct nf_nat_multi_range_compat *mr; | 72 | const struct nf_nat_multi_range_compat *mr; |
73 | struct rtable *rt; | 73 | const struct rtable *rt; |
74 | __be32 newsrc; | 74 | __be32 newsrc; |
75 | 75 | ||
76 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 76 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); |
@@ -112,7 +112,7 @@ masquerade_target(struct sk_buff **pskb, | |||
112 | static inline int | 112 | static inline int |
113 | device_cmp(struct nf_conn *i, void *ifindex) | 113 | device_cmp(struct nf_conn *i, void *ifindex) |
114 | { | 114 | { |
115 | struct nf_conn_nat *nat = nfct_nat(i); | 115 | const struct nf_conn_nat *nat = nfct_nat(i); |
116 | int ret; | 116 | int ret; |
117 | 117 | ||
118 | if (!nat) | 118 | if (!nat) |
@@ -129,7 +129,7 @@ static int masq_device_event(struct notifier_block *this, | |||
129 | unsigned long event, | 129 | unsigned long event, |
130 | void *ptr) | 130 | void *ptr) |
131 | { | 131 | { |
132 | struct net_device *dev = ptr; | 132 | const struct net_device *dev = ptr; |
133 | 133 | ||
134 | if (event == NETDEV_DOWN) { | 134 | if (event == NETDEV_DOWN) { |
135 | /* Device was downed. Search entire table for | 135 | /* Device was downed. Search entire table for |
@@ -147,7 +147,7 @@ static int masq_inet_event(struct notifier_block *this, | |||
147 | unsigned long event, | 147 | unsigned long event, |
148 | void *ptr) | 148 | void *ptr) |
149 | { | 149 | { |
150 | struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; | 150 | const struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; |
151 | 151 | ||
152 | if (event == NETDEV_DOWN) { | 152 | if (event == NETDEV_DOWN) { |
153 | /* IP address was deleted. Search entire table for | 153 | /* IP address was deleted. Search entire table for |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index 5c3270d325f3..90f7b7093785 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -122,7 +122,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
122 | tcph->check = 0; | 122 | tcph->check = 0; |
123 | tcph->check = tcp_v4_check(sizeof(struct tcphdr), | 123 | tcph->check = tcp_v4_check(sizeof(struct tcphdr), |
124 | niph->saddr, niph->daddr, | 124 | niph->saddr, niph->daddr, |
125 | csum_partial((char *)tcph, | 125 | csum_partial(tcph, |
126 | sizeof(struct tcphdr), 0)); | 126 | sizeof(struct tcphdr), 0)); |
127 | 127 | ||
128 | /* Set DF, id = 0 */ | 128 | /* Set DF, id = 0 */ |
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index 96b6e3514c22..f53f2c4ca4a1 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c | |||
@@ -68,7 +68,7 @@ static bool ipt_ttl_checkentry(const char *tablename, | |||
68 | void *targinfo, | 68 | void *targinfo, |
69 | unsigned int hook_mask) | 69 | unsigned int hook_mask) |
70 | { | 70 | { |
71 | struct ipt_TTL_info *info = targinfo; | 71 | const struct ipt_TTL_info *info = targinfo; |
72 | 72 | ||
73 | if (info->mode > IPT_TTL_MAXMODE) { | 73 | if (info->mode > IPT_TTL_MAXMODE) { |
74 | printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", | 74 | printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index dfa7afd84763..282eb00fc471 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -334,7 +334,7 @@ static bool ipt_ulog_checkentry(const char *tablename, | |||
334 | void *targinfo, | 334 | void *targinfo, |
335 | unsigned int hookmask) | 335 | unsigned int hookmask) |
336 | { | 336 | { |
337 | struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; | 337 | const struct ipt_ulog_info *loginfo = targinfo; |
338 | 338 | ||
339 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { | 339 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { |
340 | DEBUGP("ipt_ULOG: prefix term %i\n", | 340 | DEBUGP("ipt_ULOG: prefix term %i\n", |
@@ -359,7 +359,7 @@ struct compat_ipt_ulog_info { | |||
359 | 359 | ||
360 | static void compat_from_user(void *dst, void *src) | 360 | static void compat_from_user(void *dst, void *src) |
361 | { | 361 | { |
362 | struct compat_ipt_ulog_info *cl = src; | 362 | const struct compat_ipt_ulog_info *cl = src; |
363 | struct ipt_ulog_info l = { | 363 | struct ipt_ulog_info l = { |
364 | .nl_group = cl->nl_group, | 364 | .nl_group = cl->nl_group, |
365 | .copy_range = cl->copy_range, | 365 | .copy_range = cl->copy_range, |
@@ -372,7 +372,7 @@ static void compat_from_user(void *dst, void *src) | |||
372 | 372 | ||
373 | static int compat_to_user(void __user *dst, void *src) | 373 | static int compat_to_user(void __user *dst, void *src) |
374 | { | 374 | { |
375 | struct ipt_ulog_info *l = src; | 375 | const struct ipt_ulog_info *l = src; |
376 | struct compat_ipt_ulog_info cl = { | 376 | struct compat_ipt_ulog_info cl = { |
377 | .nl_group = l->nl_group, | 377 | .nl_group = l->nl_group, |
378 | .copy_range = l->copy_range, | 378 | .copy_range = l->copy_range, |
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c index 6b5b7c9f7392..49d503cbab09 100644 --- a/net/ipv4/netfilter/ipt_ah.c +++ b/net/ipv4/netfilter/ipt_ah.c | |||
@@ -46,7 +46,8 @@ match(const struct sk_buff *skb, | |||
46 | unsigned int protoff, | 46 | unsigned int protoff, |
47 | bool *hotdrop) | 47 | bool *hotdrop) |
48 | { | 48 | { |
49 | struct ip_auth_hdr _ahdr, *ah; | 49 | struct ip_auth_hdr _ahdr; |
50 | const struct ip_auth_hdr *ah; | ||
50 | const struct ipt_ah *ahinfo = matchinfo; | 51 | const struct ipt_ah *ahinfo = matchinfo; |
51 | 52 | ||
52 | /* Must not be a fragment. */ | 53 | /* Must not be a fragment. */ |
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index ba4f5497add3..3129e3106162 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c | |||
@@ -32,7 +32,8 @@ static inline bool match_tcp(const struct sk_buff *skb, | |||
32 | const struct ipt_ecn_info *einfo, | 32 | const struct ipt_ecn_info *einfo, |
33 | bool *hotdrop) | 33 | bool *hotdrop) |
34 | { | 34 | { |
35 | struct tcphdr _tcph, *th; | 35 | struct tcphdr _tcph; |
36 | const struct tcphdr *th; | ||
36 | 37 | ||
37 | /* In practice, TCP match does this, so can't fail. But let's | 38 | /* In practice, TCP match does this, so can't fail. But let's |
38 | * be good citizens. | 39 | * be good citizens. |
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index d632e0e6ef16..d03e6a6eb767 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c | |||
@@ -323,7 +323,7 @@ struct recent_iter_state { | |||
323 | static void *recent_seq_start(struct seq_file *seq, loff_t *pos) | 323 | static void *recent_seq_start(struct seq_file *seq, loff_t *pos) |
324 | { | 324 | { |
325 | struct recent_iter_state *st = seq->private; | 325 | struct recent_iter_state *st = seq->private; |
326 | struct recent_table *t = st->table; | 326 | const struct recent_table *t = st->table; |
327 | struct recent_entry *e; | 327 | struct recent_entry *e; |
328 | loff_t p = *pos; | 328 | loff_t p = *pos; |
329 | 329 | ||
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index b1aa5983a95b..ef0a99e09fd1 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
@@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
190 | tcph->check = 0; | 190 | tcph->check = 0; |
191 | tcph->check = tcp_v4_check(datalen, | 191 | tcph->check = tcp_v4_check(datalen, |
192 | iph->saddr, iph->daddr, | 192 | iph->saddr, iph->daddr, |
193 | csum_partial((char *)tcph, | 193 | csum_partial(tcph, |
194 | datalen, 0)); | 194 | datalen, 0)); |
195 | } | 195 | } |
196 | } else | 196 | } else |
@@ -278,7 +278,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
278 | udph->check = 0; | 278 | udph->check = 0; |
279 | udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, | 279 | udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, |
280 | datalen, IPPROTO_UDP, | 280 | datalen, IPPROTO_UDP, |
281 | csum_partial((char *)udph, | 281 | csum_partial(udph, |
282 | datalen, 0)); | 282 | datalen, 0)); |
283 | if (!udph->check) | 283 | if (!udph->check) |
284 | udph->check = CSUM_MANGLED_0; | 284 | udph->check = CSUM_MANGLED_0; |
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index 82966c09fd64..20047ff5492f 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c | |||
@@ -64,7 +64,7 @@ static bool ip6t_hl_checkentry(const char *tablename, | |||
64 | void *targinfo, | 64 | void *targinfo, |
65 | unsigned int hook_mask) | 65 | unsigned int hook_mask) |
66 | { | 66 | { |
67 | struct ip6t_HL_info *info = targinfo; | 67 | const struct ip6t_HL_info *info = targinfo; |
68 | 68 | ||
69 | if (info->mode > IP6T_HL_MAXMODE) { | 69 | if (info->mode > IP6T_HL_MAXMODE) { |
70 | printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n", | 70 | printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n", |
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index aa4b9a14a11c..996168d2ca25 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
@@ -48,7 +48,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
48 | { | 48 | { |
49 | u_int8_t currenthdr; | 49 | u_int8_t currenthdr; |
50 | int fragment; | 50 | int fragment; |
51 | struct ipv6hdr _ip6h, *ih; | 51 | struct ipv6hdr _ip6h; |
52 | const struct ipv6hdr *ih; | ||
52 | unsigned int ptr; | 53 | unsigned int ptr; |
53 | unsigned int hdrlen = 0; | 54 | unsigned int hdrlen = 0; |
54 | unsigned int logflags; | 55 | unsigned int logflags; |
@@ -78,7 +79,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
78 | ptr = ip6hoff + sizeof(struct ipv6hdr); | 79 | ptr = ip6hoff + sizeof(struct ipv6hdr); |
79 | currenthdr = ih->nexthdr; | 80 | currenthdr = ih->nexthdr; |
80 | while (currenthdr != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) { | 81 | while (currenthdr != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) { |
81 | struct ipv6_opt_hdr _hdr, *hp; | 82 | struct ipv6_opt_hdr _hdr; |
83 | const struct ipv6_opt_hdr *hp; | ||
82 | 84 | ||
83 | hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr); | 85 | hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr); |
84 | if (hp == NULL) { | 86 | if (hp == NULL) { |
@@ -92,7 +94,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
92 | 94 | ||
93 | switch (currenthdr) { | 95 | switch (currenthdr) { |
94 | case IPPROTO_FRAGMENT: { | 96 | case IPPROTO_FRAGMENT: { |
95 | struct frag_hdr _fhdr, *fh; | 97 | struct frag_hdr _fhdr; |
98 | const struct frag_hdr *fh; | ||
96 | 99 | ||
97 | printk("FRAG:"); | 100 | printk("FRAG:"); |
98 | fh = skb_header_pointer(skb, ptr, sizeof(_fhdr), | 101 | fh = skb_header_pointer(skb, ptr, sizeof(_fhdr), |
@@ -131,7 +134,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
131 | /* Max Length */ | 134 | /* Max Length */ |
132 | case IPPROTO_AH: | 135 | case IPPROTO_AH: |
133 | if (logflags & IP6T_LOG_IPOPT) { | 136 | if (logflags & IP6T_LOG_IPOPT) { |
134 | struct ip_auth_hdr _ahdr, *ah; | 137 | struct ip_auth_hdr _ahdr; |
138 | const struct ip_auth_hdr *ah; | ||
135 | 139 | ||
136 | /* Max length: 3 "AH " */ | 140 | /* Max length: 3 "AH " */ |
137 | printk("AH "); | 141 | printk("AH "); |
@@ -162,7 +166,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
162 | break; | 166 | break; |
163 | case IPPROTO_ESP: | 167 | case IPPROTO_ESP: |
164 | if (logflags & IP6T_LOG_IPOPT) { | 168 | if (logflags & IP6T_LOG_IPOPT) { |
165 | struct ip_esp_hdr _esph, *eh; | 169 | struct ip_esp_hdr _esph; |
170 | const struct ip_esp_hdr *eh; | ||
166 | 171 | ||
167 | /* Max length: 4 "ESP " */ | 172 | /* Max length: 4 "ESP " */ |
168 | printk("ESP "); | 173 | printk("ESP "); |
@@ -202,7 +207,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
202 | 207 | ||
203 | switch (currenthdr) { | 208 | switch (currenthdr) { |
204 | case IPPROTO_TCP: { | 209 | case IPPROTO_TCP: { |
205 | struct tcphdr _tcph, *th; | 210 | struct tcphdr _tcph; |
211 | const struct tcphdr *th; | ||
206 | 212 | ||
207 | /* Max length: 10 "PROTO=TCP " */ | 213 | /* Max length: 10 "PROTO=TCP " */ |
208 | printk("PROTO=TCP "); | 214 | printk("PROTO=TCP "); |
@@ -250,7 +256,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
250 | 256 | ||
251 | if ((logflags & IP6T_LOG_TCPOPT) | 257 | if ((logflags & IP6T_LOG_TCPOPT) |
252 | && th->doff * 4 > sizeof(struct tcphdr)) { | 258 | && th->doff * 4 > sizeof(struct tcphdr)) { |
253 | u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; | 259 | u_int8_t _opt[60 - sizeof(struct tcphdr)]; |
260 | const u_int8_t *op; | ||
254 | unsigned int i; | 261 | unsigned int i; |
255 | unsigned int optsize = th->doff * 4 | 262 | unsigned int optsize = th->doff * 4 |
256 | - sizeof(struct tcphdr); | 263 | - sizeof(struct tcphdr); |
@@ -273,7 +280,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
273 | } | 280 | } |
274 | case IPPROTO_UDP: | 281 | case IPPROTO_UDP: |
275 | case IPPROTO_UDPLITE: { | 282 | case IPPROTO_UDPLITE: { |
276 | struct udphdr _udph, *uh; | 283 | struct udphdr _udph; |
284 | const struct udphdr *uh; | ||
277 | 285 | ||
278 | if (currenthdr == IPPROTO_UDP) | 286 | if (currenthdr == IPPROTO_UDP) |
279 | /* Max length: 10 "PROTO=UDP " */ | 287 | /* Max length: 10 "PROTO=UDP " */ |
@@ -298,7 +306,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
298 | break; | 306 | break; |
299 | } | 307 | } |
300 | case IPPROTO_ICMPV6: { | 308 | case IPPROTO_ICMPV6: { |
301 | struct icmp6hdr _icmp6h, *ic; | 309 | struct icmp6hdr _icmp6h; |
310 | const struct icmp6hdr *ic; | ||
302 | 311 | ||
303 | /* Max length: 13 "PROTO=ICMPv6 " */ | 312 | /* Max length: 13 "PROTO=ICMPv6 " */ |
304 | printk("PROTO=ICMPv6 "); | 313 | printk("PROTO=ICMPv6 "); |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 8639a0599bf5..4df07f0adf1d 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -159,7 +159,7 @@ static void send_reset(struct sk_buff *oldskb) | |||
159 | tcph->check = csum_ipv6_magic(&ipv6_hdr(nskb)->saddr, | 159 | tcph->check = csum_ipv6_magic(&ipv6_hdr(nskb)->saddr, |
160 | &ipv6_hdr(nskb)->daddr, | 160 | &ipv6_hdr(nskb)->daddr, |
161 | sizeof(struct tcphdr), IPPROTO_TCP, | 161 | sizeof(struct tcphdr), IPPROTO_TCP, |
162 | csum_partial((char *)tcph, | 162 | csum_partial(tcph, |
163 | sizeof(struct tcphdr), 0)); | 163 | sizeof(struct tcphdr), 0)); |
164 | 164 | ||
165 | nf_ct_attach(nskb, oldskb); | 165 | nf_ct_attach(nskb, oldskb); |
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index 8fc00bdfc38b..b4b1d282761c 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
@@ -51,7 +51,8 @@ match(const struct sk_buff *skb, | |||
51 | unsigned int protoff, | 51 | unsigned int protoff, |
52 | bool *hotdrop) | 52 | bool *hotdrop) |
53 | { | 53 | { |
54 | struct ip_auth_hdr *ah, _ah; | 54 | struct ip_auth_hdr _ah; |
55 | const struct ip_auth_hdr *ah; | ||
55 | const struct ip6t_ah *ahinfo = matchinfo; | 56 | const struct ip6t_ah *ahinfo = matchinfo; |
56 | unsigned int ptr; | 57 | unsigned int ptr; |
57 | unsigned int hdrlen = 0; | 58 | unsigned int hdrlen = 0; |
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index f0aed898e8b7..e0e416bb284a 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
@@ -50,7 +50,8 @@ match(const struct sk_buff *skb, | |||
50 | unsigned int protoff, | 50 | unsigned int protoff, |
51 | bool *hotdrop) | 51 | bool *hotdrop) |
52 | { | 52 | { |
53 | struct frag_hdr _frag, *fh; | 53 | struct frag_hdr _frag; |
54 | const struct frag_hdr *fh; | ||
54 | const struct ip6t_frag *fraginfo = matchinfo; | 55 | const struct ip6t_frag *fraginfo = matchinfo; |
55 | unsigned int ptr; | 56 | unsigned int ptr; |
56 | int err; | 57 | int err; |
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index 6fdd79785f32..bbd2615ad2e1 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
@@ -57,14 +57,17 @@ match(const struct sk_buff *skb, | |||
57 | unsigned int protoff, | 57 | unsigned int protoff, |
58 | bool *hotdrop) | 58 | bool *hotdrop) |
59 | { | 59 | { |
60 | struct ipv6_opt_hdr _optsh, *oh; | 60 | struct ipv6_opt_hdr _optsh; |
61 | const struct ipv6_opt_hdr *oh; | ||
61 | const struct ip6t_opts *optinfo = matchinfo; | 62 | const struct ip6t_opts *optinfo = matchinfo; |
62 | unsigned int temp; | 63 | unsigned int temp; |
63 | unsigned int ptr; | 64 | unsigned int ptr; |
64 | unsigned int hdrlen = 0; | 65 | unsigned int hdrlen = 0; |
65 | bool ret = false; | 66 | bool ret = false; |
66 | u8 _opttype, *tp = NULL; | 67 | u8 _opttype; |
67 | u8 _optlen, *lp = NULL; | 68 | u8 _optlen; |
69 | const u_int8_t *tp = NULL; | ||
70 | const u_int8_t *lp = NULL; | ||
68 | unsigned int optlen; | 71 | unsigned int optlen; |
69 | int err; | 72 | int err; |
70 | 73 | ||
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c index a3008b41d24b..e94fdd82f284 100644 --- a/net/ipv6/netfilter/ip6t_mh.c +++ b/net/ipv6/netfilter/ip6t_mh.c | |||
@@ -47,7 +47,8 @@ match(const struct sk_buff *skb, | |||
47 | unsigned int protoff, | 47 | unsigned int protoff, |
48 | bool *hotdrop) | 48 | bool *hotdrop) |
49 | { | 49 | { |
50 | struct ip6_mh _mh, *mh; | 50 | struct ip6_mh _mh; |
51 | const struct ip6_mh *mh; | ||
51 | const struct ip6t_mh *mhinfo = matchinfo; | 52 | const struct ip6t_mh *mhinfo = matchinfo; |
52 | 53 | ||
53 | /* Must not be a fragment. */ | 54 | /* Must not be a fragment. */ |
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index e991ed4a692e..bc5ff4b1af39 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -52,13 +52,15 @@ match(const struct sk_buff *skb, | |||
52 | unsigned int protoff, | 52 | unsigned int protoff, |
53 | bool *hotdrop) | 53 | bool *hotdrop) |
54 | { | 54 | { |
55 | struct ipv6_rt_hdr _route, *rh; | 55 | struct ipv6_rt_hdr _route; |
56 | const struct ipv6_rt_hdr *rh; | ||
56 | const struct ip6t_rt *rtinfo = matchinfo; | 57 | const struct ip6t_rt *rtinfo = matchinfo; |
57 | unsigned int temp; | 58 | unsigned int temp; |
58 | unsigned int ptr; | 59 | unsigned int ptr; |
59 | unsigned int hdrlen = 0; | 60 | unsigned int hdrlen = 0; |
60 | bool ret = false; | 61 | bool ret = false; |
61 | struct in6_addr *ap, _addr; | 62 | struct in6_addr _addr; |
63 | const struct in6_addr *ap; | ||
62 | int err; | 64 | int err; |
63 | 65 | ||
64 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); | 66 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); |
@@ -100,9 +102,9 @@ match(const struct sk_buff *skb, | |||
100 | !!(rtinfo->invflags & IP6T_RT_INV_LEN)))); | 102 | !!(rtinfo->invflags & IP6T_RT_INV_LEN)))); |
101 | DEBUGP("res %02X %02X %02X ", | 103 | DEBUGP("res %02X %02X %02X ", |
102 | (rtinfo->flags & IP6T_RT_RES), | 104 | (rtinfo->flags & IP6T_RT_RES), |
103 | ((struct rt0_hdr *)rh)->reserved, | 105 | ((const struct rt0_hdr *)rh)->reserved, |
104 | !((rtinfo->flags & IP6T_RT_RES) && | 106 | !((rtinfo->flags & IP6T_RT_RES) && |
105 | (((struct rt0_hdr *)rh)->reserved))); | 107 | (((const struct rt0_hdr *)rh)->reserved))); |
106 | 108 | ||
107 | ret = (rh != NULL) | 109 | ret = (rh != NULL) |
108 | && | 110 | && |
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 3aaabec70d19..381a77cf0c9e 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c | |||
@@ -231,13 +231,13 @@ void nf_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, | |||
231 | { | 231 | { |
232 | __be32 diff[] = { ~from, to }; | 232 | __be32 diff[] = { ~from, to }; |
233 | if (skb->ip_summed != CHECKSUM_PARTIAL) { | 233 | if (skb->ip_summed != CHECKSUM_PARTIAL) { |
234 | *sum = csum_fold(csum_partial((char *)diff, sizeof(diff), | 234 | *sum = csum_fold(csum_partial(diff, sizeof(diff), |
235 | ~csum_unfold(*sum))); | 235 | ~csum_unfold(*sum))); |
236 | if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) | 236 | if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) |
237 | skb->csum = ~csum_partial((char *)diff, sizeof(diff), | 237 | skb->csum = ~csum_partial(diff, sizeof(diff), |
238 | ~skb->csum); | 238 | ~skb->csum); |
239 | } else if (pseudohdr) | 239 | } else if (pseudohdr) |
240 | *sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff), | 240 | *sum = ~csum_fold(csum_partial(diff, sizeof(diff), |
241 | csum_unfold(*sum))); | 241 | csum_unfold(*sum))); |
242 | } | 242 | } |
243 | EXPORT_SYMBOL(nf_proto_csum_replace4); | 243 | EXPORT_SYMBOL(nf_proto_csum_replace4); |
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c index 4e8aa1b0cba2..4284a59b03e1 100644 --- a/net/netfilter/xt_CONNMARK.c +++ b/net/netfilter/xt_CONNMARK.c | |||
@@ -83,7 +83,7 @@ checkentry(const char *tablename, | |||
83 | void *targinfo, | 83 | void *targinfo, |
84 | unsigned int hook_mask) | 84 | unsigned int hook_mask) |
85 | { | 85 | { |
86 | struct xt_connmark_target_info *matchinfo = targinfo; | 86 | const struct xt_connmark_target_info *matchinfo = targinfo; |
87 | 87 | ||
88 | if (nf_ct_l3proto_try_module_get(target->family) < 0) { | 88 | if (nf_ct_l3proto_try_module_get(target->family) < 0) { |
89 | printk(KERN_WARNING "can't load conntrack support for " | 89 | printk(KERN_WARNING "can't load conntrack support for " |
@@ -121,7 +121,7 @@ struct compat_xt_connmark_target_info { | |||
121 | 121 | ||
122 | static void compat_from_user(void *dst, void *src) | 122 | static void compat_from_user(void *dst, void *src) |
123 | { | 123 | { |
124 | struct compat_xt_connmark_target_info *cm = src; | 124 | const struct compat_xt_connmark_target_info *cm = src; |
125 | struct xt_connmark_target_info m = { | 125 | struct xt_connmark_target_info m = { |
126 | .mark = cm->mark, | 126 | .mark = cm->mark, |
127 | .mask = cm->mask, | 127 | .mask = cm->mask, |
@@ -132,7 +132,7 @@ static void compat_from_user(void *dst, void *src) | |||
132 | 132 | ||
133 | static int compat_to_user(void __user *dst, void *src) | 133 | static int compat_to_user(void __user *dst, void *src) |
134 | { | 134 | { |
135 | struct xt_connmark_target_info *m = src; | 135 | const struct xt_connmark_target_info *m = src; |
136 | struct compat_xt_connmark_target_info cm = { | 136 | struct compat_xt_connmark_target_info cm = { |
137 | .mark = m->mark, | 137 | .mark = m->mark, |
138 | .mask = m->mask, | 138 | .mask = m->mask, |
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c index ab2f0d016953..8d5e154013d6 100644 --- a/net/netfilter/xt_CONNSECMARK.c +++ b/net/netfilter/xt_CONNSECMARK.c | |||
@@ -33,7 +33,7 @@ MODULE_ALIAS("ip6t_CONNSECMARK"); | |||
33 | * If the packet has a security mark and the connection does not, copy | 33 | * If the packet has a security mark and the connection does not, copy |
34 | * the security mark from the packet to the connection. | 34 | * the security mark from the packet to the connection. |
35 | */ | 35 | */ |
36 | static void secmark_save(struct sk_buff *skb) | 36 | static void secmark_save(const struct sk_buff *skb) |
37 | { | 37 | { |
38 | if (skb->secmark) { | 38 | if (skb->secmark) { |
39 | struct nf_conn *ct; | 39 | struct nf_conn *ct; |
@@ -89,7 +89,7 @@ static bool checkentry(const char *tablename, const void *entry, | |||
89 | const struct xt_target *target, void *targinfo, | 89 | const struct xt_target *target, void *targinfo, |
90 | unsigned int hook_mask) | 90 | unsigned int hook_mask) |
91 | { | 91 | { |
92 | struct xt_connsecmark_target_info *info = targinfo; | 92 | const struct xt_connsecmark_target_info *info = targinfo; |
93 | 93 | ||
94 | if (nf_ct_l3proto_try_module_get(target->family) < 0) { | 94 | if (nf_ct_l3proto_try_module_get(target->family) < 0) { |
95 | printk(KERN_WARNING "can't load conntrack support for " | 95 | printk(KERN_WARNING "can't load conntrack support for " |
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c index bd9cdf29cc3b..6b7369fc263f 100644 --- a/net/netfilter/xt_MARK.c +++ b/net/netfilter/xt_MARK.c | |||
@@ -72,7 +72,7 @@ checkentry_v0(const char *tablename, | |||
72 | void *targinfo, | 72 | void *targinfo, |
73 | unsigned int hook_mask) | 73 | unsigned int hook_mask) |
74 | { | 74 | { |
75 | struct xt_mark_target_info *markinfo = targinfo; | 75 | const struct xt_mark_target_info *markinfo = targinfo; |
76 | 76 | ||
77 | if (markinfo->mark > 0xffffffff) { | 77 | if (markinfo->mark > 0xffffffff) { |
78 | printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n"); | 78 | printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n"); |
@@ -88,7 +88,7 @@ checkentry_v1(const char *tablename, | |||
88 | void *targinfo, | 88 | void *targinfo, |
89 | unsigned int hook_mask) | 89 | unsigned int hook_mask) |
90 | { | 90 | { |
91 | struct xt_mark_target_info_v1 *markinfo = targinfo; | 91 | const struct xt_mark_target_info_v1 *markinfo = targinfo; |
92 | 92 | ||
93 | if (markinfo->mode != XT_MARK_SET | 93 | if (markinfo->mode != XT_MARK_SET |
94 | && markinfo->mode != XT_MARK_AND | 94 | && markinfo->mode != XT_MARK_AND |
@@ -114,7 +114,7 @@ struct compat_xt_mark_target_info_v1 { | |||
114 | 114 | ||
115 | static void compat_from_user_v1(void *dst, void *src) | 115 | static void compat_from_user_v1(void *dst, void *src) |
116 | { | 116 | { |
117 | struct compat_xt_mark_target_info_v1 *cm = src; | 117 | const struct compat_xt_mark_target_info_v1 *cm = src; |
118 | struct xt_mark_target_info_v1 m = { | 118 | struct xt_mark_target_info_v1 m = { |
119 | .mark = cm->mark, | 119 | .mark = cm->mark, |
120 | .mode = cm->mode, | 120 | .mode = cm->mode, |
@@ -124,7 +124,7 @@ static void compat_from_user_v1(void *dst, void *src) | |||
124 | 124 | ||
125 | static int compat_to_user_v1(void __user *dst, void *src) | 125 | static int compat_to_user_v1(void __user *dst, void *src) |
126 | { | 126 | { |
127 | struct xt_mark_target_info_v1 *m = src; | 127 | const struct xt_mark_target_info_v1 *m = src; |
128 | struct compat_xt_mark_target_info_v1 cm = { | 128 | struct compat_xt_mark_target_info_v1 cm = { |
129 | .mark = m->mark, | 129 | .mark = m->mark, |
130 | .mode = m->mode, | 130 | .mode = m->mode, |
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index 0c6f2838cc98..20e55d588a3c 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c | |||
@@ -43,7 +43,7 @@ nflog_checkentry(const char *tablename, const void *entry, | |||
43 | const struct xt_target *target, void *targetinfo, | 43 | const struct xt_target *target, void *targetinfo, |
44 | unsigned int hookmask) | 44 | unsigned int hookmask) |
45 | { | 45 | { |
46 | struct xt_nflog_info *info = targetinfo; | 46 | const struct xt_nflog_info *info = targetinfo; |
47 | 47 | ||
48 | if (info->flags & ~XT_NFLOG_MASK) | 48 | if (info->flags & ~XT_NFLOG_MASK) |
49 | return false; | 49 | return false; |
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 12541784109a..99c246e45c42 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c | |||
@@ -26,7 +26,7 @@ match(const struct sk_buff *skb, | |||
26 | bool *hotdrop) | 26 | bool *hotdrop) |
27 | { | 27 | { |
28 | const struct xt_connbytes_info *sinfo = matchinfo; | 28 | const struct xt_connbytes_info *sinfo = matchinfo; |
29 | struct nf_conn *ct; | 29 | const struct nf_conn *ct; |
30 | enum ip_conntrack_info ctinfo; | 30 | enum ip_conntrack_info ctinfo; |
31 | u_int64_t what = 0; /* initialize to make gcc happy */ | 31 | u_int64_t what = 0; /* initialize to make gcc happy */ |
32 | u_int64_t bytes = 0; | 32 | u_int64_t bytes = 0; |
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index 94d5251b3d88..71f3c1a5d5e5 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c | |||
@@ -41,7 +41,7 @@ match(const struct sk_buff *skb, | |||
41 | bool *hotdrop) | 41 | bool *hotdrop) |
42 | { | 42 | { |
43 | const struct xt_connmark_info *info = matchinfo; | 43 | const struct xt_connmark_info *info = matchinfo; |
44 | struct nf_conn *ct; | 44 | const struct nf_conn *ct; |
45 | enum ip_conntrack_info ctinfo; | 45 | enum ip_conntrack_info ctinfo; |
46 | 46 | ||
47 | ct = nf_ct_get(skb, &ctinfo); | 47 | ct = nf_ct_get(skb, &ctinfo); |
@@ -58,7 +58,7 @@ checkentry(const char *tablename, | |||
58 | void *matchinfo, | 58 | void *matchinfo, |
59 | unsigned int hook_mask) | 59 | unsigned int hook_mask) |
60 | { | 60 | { |
61 | struct xt_connmark_info *cm = matchinfo; | 61 | const struct xt_connmark_info *cm = matchinfo; |
62 | 62 | ||
63 | if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) { | 63 | if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) { |
64 | printk(KERN_WARNING "connmark: only support 32bit mark\n"); | 64 | printk(KERN_WARNING "connmark: only support 32bit mark\n"); |
@@ -88,7 +88,7 @@ struct compat_xt_connmark_info { | |||
88 | 88 | ||
89 | static void compat_from_user(void *dst, void *src) | 89 | static void compat_from_user(void *dst, void *src) |
90 | { | 90 | { |
91 | struct compat_xt_connmark_info *cm = src; | 91 | const struct compat_xt_connmark_info *cm = src; |
92 | struct xt_connmark_info m = { | 92 | struct xt_connmark_info m = { |
93 | .mark = cm->mark, | 93 | .mark = cm->mark, |
94 | .mask = cm->mask, | 94 | .mask = cm->mask, |
@@ -99,7 +99,7 @@ static void compat_from_user(void *dst, void *src) | |||
99 | 99 | ||
100 | static int compat_to_user(void __user *dst, void *src) | 100 | static int compat_to_user(void __user *dst, void *src) |
101 | { | 101 | { |
102 | struct xt_connmark_info *m = src; | 102 | const struct xt_connmark_info *m = src; |
103 | struct compat_xt_connmark_info cm = { | 103 | struct compat_xt_connmark_info cm = { |
104 | .mark = m->mark, | 104 | .mark = m->mark, |
105 | .mask = m->mask, | 105 | .mask = m->mask, |
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 87364f58a4b9..9e3ec31f2016 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
@@ -30,11 +30,11 @@ match(const struct sk_buff *skb, | |||
30 | bool *hotdrop) | 30 | bool *hotdrop) |
31 | { | 31 | { |
32 | const struct xt_conntrack_info *sinfo = matchinfo; | 32 | const struct xt_conntrack_info *sinfo = matchinfo; |
33 | struct nf_conn *ct; | 33 | const struct nf_conn *ct; |
34 | enum ip_conntrack_info ctinfo; | 34 | enum ip_conntrack_info ctinfo; |
35 | unsigned int statebit; | 35 | unsigned int statebit; |
36 | 36 | ||
37 | ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); | 37 | ct = nf_ct_get(skb, &ctinfo); |
38 | 38 | ||
39 | #define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg)) | 39 | #define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg)) |
40 | 40 | ||
@@ -150,7 +150,7 @@ struct compat_xt_conntrack_info | |||
150 | 150 | ||
151 | static void compat_from_user(void *dst, void *src) | 151 | static void compat_from_user(void *dst, void *src) |
152 | { | 152 | { |
153 | struct compat_xt_conntrack_info *cm = src; | 153 | const struct compat_xt_conntrack_info *cm = src; |
154 | struct xt_conntrack_info m = { | 154 | struct xt_conntrack_info m = { |
155 | .statemask = cm->statemask, | 155 | .statemask = cm->statemask, |
156 | .statusmask = cm->statusmask, | 156 | .statusmask = cm->statusmask, |
@@ -167,7 +167,7 @@ static void compat_from_user(void *dst, void *src) | |||
167 | 167 | ||
168 | static int compat_to_user(void __user *dst, void *src) | 168 | static int compat_to_user(void __user *dst, void *src) |
169 | { | 169 | { |
170 | struct xt_conntrack_info *m = src; | 170 | const struct xt_conntrack_info *m = src; |
171 | struct compat_xt_conntrack_info cm = { | 171 | struct compat_xt_conntrack_info cm = { |
172 | .statemask = m->statemask, | 172 | .statemask = m->statemask, |
173 | .statusmask = m->statusmask, | 173 | .statusmask = m->statusmask, |
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 24895902cfe0..1b77c5bcb348 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c | |||
@@ -39,7 +39,7 @@ dccp_find_option(u_int8_t option, | |||
39 | bool *hotdrop) | 39 | bool *hotdrop) |
40 | { | 40 | { |
41 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ | 41 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
42 | unsigned char *op; | 42 | const unsigned char *op; |
43 | unsigned int optoff = __dccp_hdr_len(dh); | 43 | unsigned int optoff = __dccp_hdr_len(dh); |
44 | unsigned int optlen = dh->dccph_doff*4 - __dccp_hdr_len(dh); | 44 | unsigned int optlen = dh->dccph_doff*4 - __dccp_hdr_len(dh); |
45 | unsigned int i; | 45 | unsigned int i; |
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index a1b5996447dd..deb5890aa3ac 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
@@ -95,7 +95,7 @@ static HLIST_HEAD(hashlimit_htables); | |||
95 | static struct kmem_cache *hashlimit_cachep __read_mostly; | 95 | static struct kmem_cache *hashlimit_cachep __read_mostly; |
96 | 96 | ||
97 | static inline bool dst_cmp(const struct dsthash_ent *ent, | 97 | static inline bool dst_cmp(const struct dsthash_ent *ent, |
98 | struct dsthash_dst *b) | 98 | const struct dsthash_dst *b) |
99 | { | 99 | { |
100 | return !memcmp(&ent->dst, b, sizeof(ent->dst)); | 100 | return !memcmp(&ent->dst, b, sizeof(ent->dst)); |
101 | } | 101 | } |
@@ -107,7 +107,8 @@ hash_dst(const struct xt_hashlimit_htable *ht, const struct dsthash_dst *dst) | |||
107 | } | 107 | } |
108 | 108 | ||
109 | static struct dsthash_ent * | 109 | static struct dsthash_ent * |
110 | dsthash_find(const struct xt_hashlimit_htable *ht, struct dsthash_dst *dst) | 110 | dsthash_find(const struct xt_hashlimit_htable *ht, |
111 | const struct dsthash_dst *dst) | ||
111 | { | 112 | { |
112 | struct dsthash_ent *ent; | 113 | struct dsthash_ent *ent; |
113 | struct hlist_node *pos; | 114 | struct hlist_node *pos; |
@@ -123,7 +124,8 @@ dsthash_find(const struct xt_hashlimit_htable *ht, struct dsthash_dst *dst) | |||
123 | 124 | ||
124 | /* allocate dsthash_ent, initialize dst, put in htable and lock it */ | 125 | /* allocate dsthash_ent, initialize dst, put in htable and lock it */ |
125 | static struct dsthash_ent * | 126 | static struct dsthash_ent * |
126 | dsthash_alloc_init(struct xt_hashlimit_htable *ht, struct dsthash_dst *dst) | 127 | dsthash_alloc_init(struct xt_hashlimit_htable *ht, |
128 | const struct dsthash_dst *dst) | ||
127 | { | 129 | { |
128 | struct dsthash_ent *ent; | 130 | struct dsthash_ent *ent; |
129 | 131 | ||
@@ -228,19 +230,21 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family) | |||
228 | return 0; | 230 | return 0; |
229 | } | 231 | } |
230 | 232 | ||
231 | static bool select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) | 233 | static bool select_all(const struct xt_hashlimit_htable *ht, |
234 | const struct dsthash_ent *he) | ||
232 | { | 235 | { |
233 | return 1; | 236 | return 1; |
234 | } | 237 | } |
235 | 238 | ||
236 | static bool select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) | 239 | static bool select_gc(const struct xt_hashlimit_htable *ht, |
240 | const struct dsthash_ent *he) | ||
237 | { | 241 | { |
238 | return (jiffies >= he->expires); | 242 | return (jiffies >= he->expires); |
239 | } | 243 | } |
240 | 244 | ||
241 | static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, | 245 | static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, |
242 | bool (*select)(struct xt_hashlimit_htable *ht, | 246 | bool (*select)(const struct xt_hashlimit_htable *ht, |
243 | struct dsthash_ent *he)) | 247 | const struct dsthash_ent *he)) |
244 | { | 248 | { |
245 | unsigned int i; | 249 | unsigned int i; |
246 | 250 | ||
@@ -283,7 +287,8 @@ static void htable_destroy(struct xt_hashlimit_htable *hinfo) | |||
283 | vfree(hinfo); | 287 | vfree(hinfo); |
284 | } | 288 | } |
285 | 289 | ||
286 | static struct xt_hashlimit_htable *htable_find_get(char *name, int family) | 290 | static struct xt_hashlimit_htable *htable_find_get(const char *name, |
291 | int family) | ||
287 | { | 292 | { |
288 | struct xt_hashlimit_htable *hinfo; | 293 | struct xt_hashlimit_htable *hinfo; |
289 | struct hlist_node *pos; | 294 | struct hlist_node *pos; |
@@ -368,7 +373,8 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now) | |||
368 | } | 373 | } |
369 | 374 | ||
370 | static int | 375 | static int |
371 | hashlimit_init_dst(struct xt_hashlimit_htable *hinfo, struct dsthash_dst *dst, | 376 | hashlimit_init_dst(const struct xt_hashlimit_htable *hinfo, |
377 | struct dsthash_dst *dst, | ||
372 | const struct sk_buff *skb, unsigned int protoff) | 378 | const struct sk_buff *skb, unsigned int protoff) |
373 | { | 379 | { |
374 | __be16 _ports[2], *ports; | 380 | __be16 _ports[2], *ports; |
@@ -443,8 +449,8 @@ hashlimit_match(const struct sk_buff *skb, | |||
443 | unsigned int protoff, | 449 | unsigned int protoff, |
444 | bool *hotdrop) | 450 | bool *hotdrop) |
445 | { | 451 | { |
446 | struct xt_hashlimit_info *r = | 452 | const struct xt_hashlimit_info *r = |
447 | ((struct xt_hashlimit_info *)matchinfo)->u.master; | 453 | ((const struct xt_hashlimit_info *)matchinfo)->u.master; |
448 | struct xt_hashlimit_htable *hinfo = r->hinfo; | 454 | struct xt_hashlimit_htable *hinfo = r->hinfo; |
449 | unsigned long now = jiffies; | 455 | unsigned long now = jiffies; |
450 | struct dsthash_ent *dh; | 456 | struct dsthash_ent *dh; |
@@ -543,7 +549,7 @@ hashlimit_checkentry(const char *tablename, | |||
543 | static void | 549 | static void |
544 | hashlimit_destroy(const struct xt_match *match, void *matchinfo) | 550 | hashlimit_destroy(const struct xt_match *match, void *matchinfo) |
545 | { | 551 | { |
546 | struct xt_hashlimit_info *r = matchinfo; | 552 | const struct xt_hashlimit_info *r = matchinfo; |
547 | 553 | ||
548 | htable_put(r->hinfo); | 554 | htable_put(r->hinfo); |
549 | } | 555 | } |
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index a2688b807a99..047d0046b28c 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c | |||
@@ -39,12 +39,12 @@ match(const struct sk_buff *skb, | |||
39 | bool *hotdrop) | 39 | bool *hotdrop) |
40 | { | 40 | { |
41 | const struct xt_helper_info *info = matchinfo; | 41 | const struct xt_helper_info *info = matchinfo; |
42 | struct nf_conn *ct; | 42 | const struct nf_conn *ct; |
43 | struct nf_conn_help *master_help; | 43 | const struct nf_conn_help *master_help; |
44 | enum ip_conntrack_info ctinfo; | 44 | enum ip_conntrack_info ctinfo; |
45 | bool ret = info->invert; | 45 | bool ret = info->invert; |
46 | 46 | ||
47 | ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); | 47 | ct = nf_ct_get(skb, &ctinfo); |
48 | if (!ct) { | 48 | if (!ct) { |
49 | DEBUGP("xt_helper: Eek! invalid conntrack?\n"); | 49 | DEBUGP("xt_helper: Eek! invalid conntrack?\n"); |
50 | return ret; | 50 | return ret; |
diff --git a/net/netfilter/xt_limit.c b/net/netfilter/xt_limit.c index 2717aa65246a..b042419462af 100644 --- a/net/netfilter/xt_limit.c +++ b/net/netfilter/xt_limit.c | |||
@@ -67,7 +67,8 @@ ipt_limit_match(const struct sk_buff *skb, | |||
67 | unsigned int protoff, | 67 | unsigned int protoff, |
68 | bool *hotdrop) | 68 | bool *hotdrop) |
69 | { | 69 | { |
70 | struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master; | 70 | struct xt_rateinfo *r = |
71 | ((const struct xt_rateinfo *)matchinfo)->master; | ||
71 | unsigned long now = jiffies; | 72 | unsigned long now = jiffies; |
72 | 73 | ||
73 | spin_lock_bh(&limit_lock); | 74 | spin_lock_bh(&limit_lock); |
@@ -144,7 +145,7 @@ struct compat_xt_rateinfo { | |||
144 | * master pointer, which does not need to be preserved. */ | 145 | * master pointer, which does not need to be preserved. */ |
145 | static void compat_from_user(void *dst, void *src) | 146 | static void compat_from_user(void *dst, void *src) |
146 | { | 147 | { |
147 | struct compat_xt_rateinfo *cm = src; | 148 | const struct compat_xt_rateinfo *cm = src; |
148 | struct xt_rateinfo m = { | 149 | struct xt_rateinfo m = { |
149 | .avg = cm->avg, | 150 | .avg = cm->avg, |
150 | .burst = cm->burst, | 151 | .burst = cm->burst, |
@@ -158,7 +159,7 @@ static void compat_from_user(void *dst, void *src) | |||
158 | 159 | ||
159 | static int compat_to_user(void __user *dst, void *src) | 160 | static int compat_to_user(void __user *dst, void *src) |
160 | { | 161 | { |
161 | struct xt_rateinfo *m = src; | 162 | const struct xt_rateinfo *m = src; |
162 | struct compat_xt_rateinfo cm = { | 163 | struct compat_xt_rateinfo cm = { |
163 | .avg = m->avg, | 164 | .avg = m->avg, |
164 | .burst = m->burst, | 165 | .burst = m->burst, |
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c index 83ed806764b4..b8ab79452f08 100644 --- a/net/netfilter/xt_mark.c +++ b/net/netfilter/xt_mark.c | |||
@@ -60,7 +60,7 @@ struct compat_xt_mark_info { | |||
60 | 60 | ||
61 | static void compat_from_user(void *dst, void *src) | 61 | static void compat_from_user(void *dst, void *src) |
62 | { | 62 | { |
63 | struct compat_xt_mark_info *cm = src; | 63 | const struct compat_xt_mark_info *cm = src; |
64 | struct xt_mark_info m = { | 64 | struct xt_mark_info m = { |
65 | .mark = cm->mark, | 65 | .mark = cm->mark, |
66 | .mask = cm->mask, | 66 | .mask = cm->mask, |
@@ -71,7 +71,7 @@ static void compat_from_user(void *dst, void *src) | |||
71 | 71 | ||
72 | static int compat_to_user(void __user *dst, void *src) | 72 | static int compat_to_user(void __user *dst, void *src) |
73 | { | 73 | { |
74 | struct xt_mark_info *m = src; | 74 | const struct xt_mark_info *m = src; |
75 | struct compat_xt_mark_info cm = { | 75 | struct compat_xt_mark_info cm = { |
76 | .mark = m->mark, | 76 | .mark = m->mark, |
77 | .mask = m->mask, | 77 | .mask = m->mask, |
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index 34f0d3e44ea7..467b2dcf7e6b 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c | |||
@@ -36,7 +36,7 @@ match(const struct sk_buff *skb, | |||
36 | const struct xt_physdev_info *info = matchinfo; | 36 | const struct xt_physdev_info *info = matchinfo; |
37 | bool ret; | 37 | bool ret; |
38 | const char *indev, *outdev; | 38 | const char *indev, *outdev; |
39 | struct nf_bridge_info *nf_bridge; | 39 | const struct nf_bridge_info *nf_bridge; |
40 | 40 | ||
41 | /* Not a bridged IP packet or no info available yet: | 41 | /* Not a bridged IP packet or no info available yet: |
42 | * LOCAL_OUT/mangle and LOCAL_OUT/nat don't know if | 42 | * LOCAL_OUT/mangle and LOCAL_OUT/nat don't know if |
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 1534de55cdb6..5ab6d71f8d05 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c | |||
@@ -34,7 +34,7 @@ xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, | |||
34 | } | 34 | } |
35 | 35 | ||
36 | static inline bool | 36 | static inline bool |
37 | match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e, | 37 | match_xfrm_state(const struct xfrm_state *x, const struct xt_policy_elem *e, |
38 | unsigned short family) | 38 | unsigned short family) |
39 | { | 39 | { |
40 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ | 40 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ |
@@ -55,7 +55,7 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info, | |||
55 | unsigned short family) | 55 | unsigned short family) |
56 | { | 56 | { |
57 | const struct xt_policy_elem *e; | 57 | const struct xt_policy_elem *e; |
58 | struct sec_path *sp = skb->sp; | 58 | const struct sec_path *sp = skb->sp; |
59 | int strict = info->flags & XT_POLICY_MATCH_STRICT; | 59 | int strict = info->flags & XT_POLICY_MATCH_STRICT; |
60 | int i, pos; | 60 | int i, pos; |
61 | 61 | ||
@@ -85,7 +85,7 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info, | |||
85 | unsigned short family) | 85 | unsigned short family) |
86 | { | 86 | { |
87 | const struct xt_policy_elem *e; | 87 | const struct xt_policy_elem *e; |
88 | struct dst_entry *dst = skb->dst; | 88 | const struct dst_entry *dst = skb->dst; |
89 | int strict = info->flags & XT_POLICY_MATCH_STRICT; | 89 | int strict = info->flags & XT_POLICY_MATCH_STRICT; |
90 | int i, pos; | 90 | int i, pos; |
91 | 91 | ||
diff --git a/net/netfilter/xt_quota.c b/net/netfilter/xt_quota.c index e13d62a8caba..feb130d14f2c 100644 --- a/net/netfilter/xt_quota.c +++ b/net/netfilter/xt_quota.c | |||
@@ -22,7 +22,8 @@ match(const struct sk_buff *skb, | |||
22 | const struct xt_match *match, const void *matchinfo, | 22 | const struct xt_match *match, const void *matchinfo, |
23 | int offset, unsigned int protoff, bool *hotdrop) | 23 | int offset, unsigned int protoff, bool *hotdrop) |
24 | { | 24 | { |
25 | struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; | 25 | struct xt_quota_info *q = |
26 | ((const struct xt_quota_info *)matchinfo)->master; | ||
26 | bool ret = q->flags & XT_QUOTA_INVERT; | 27 | bool ret = q->flags & XT_QUOTA_INVERT; |
27 | 28 | ||
28 | spin_lock_bh("a_lock); | 29 | spin_lock_bh("a_lock); |
@@ -43,7 +44,7 @@ checkentry(const char *tablename, const void *entry, | |||
43 | const struct xt_match *match, void *matchinfo, | 44 | const struct xt_match *match, void *matchinfo, |
44 | unsigned int hook_mask) | 45 | unsigned int hook_mask) |
45 | { | 46 | { |
46 | struct xt_quota_info *q = (struct xt_quota_info *)matchinfo; | 47 | struct xt_quota_info *q = matchinfo; |
47 | 48 | ||
48 | if (q->flags & ~XT_QUOTA_MASK) | 49 | if (q->flags & ~XT_QUOTA_MASK) |
49 | return false; | 50 | return false; |
diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c index ad82c132694c..44b807d279ad 100644 --- a/net/netfilter/xt_realm.c +++ b/net/netfilter/xt_realm.c | |||
@@ -32,7 +32,7 @@ match(const struct sk_buff *skb, | |||
32 | bool *hotdrop) | 32 | bool *hotdrop) |
33 | { | 33 | { |
34 | const struct xt_realm_info *info = matchinfo; | 34 | const struct xt_realm_info *info = matchinfo; |
35 | struct dst_entry *dst = skb->dst; | 35 | const struct dst_entry *dst = skb->dst; |
36 | 36 | ||
37 | return (info->id == (dst->tclassid & info->mask)) ^ info->invert; | 37 | return (info->id == (dst->tclassid & info->mask)) ^ info->invert; |
38 | } | 38 | } |
diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c index 0af42892e9dc..3da4978287f3 100644 --- a/net/netfilter/xt_statistic.c +++ b/net/netfilter/xt_statistic.c | |||
@@ -57,7 +57,7 @@ checkentry(const char *tablename, const void *entry, | |||
57 | const struct xt_match *match, void *matchinfo, | 57 | const struct xt_match *match, void *matchinfo, |
58 | unsigned int hook_mask) | 58 | unsigned int hook_mask) |
59 | { | 59 | { |
60 | struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; | 60 | struct xt_statistic_info *info = matchinfo; |
61 | 61 | ||
62 | if (info->mode > XT_STATISTIC_MODE_MAX || | 62 | if (info->mode > XT_STATISTIC_MODE_MAX || |
63 | info->flags & ~XT_STATISTIC_MASK) | 63 | info->flags & ~XT_STATISTIC_MASK) |