aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c12
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c2
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c3
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_recent.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c4
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c3
-rw-r--r--net/ipv6/netfilter/ip6t_ipv6header.c3
-rw-r--r--net/ipv6/netfilter/ip6t_rt.c3
-rw-r--r--net/netfilter/xt_CONNSECMARK.c2
-rw-r--r--net/netfilter/xt_RATEEST.c2
-rw-r--r--net/netfilter/xt_connlimit.c6
-rw-r--r--net/netfilter/xt_dccp.c3
-rw-r--r--net/netfilter/xt_esp.c3
-rw-r--r--net/netfilter/xt_multiport.c6
-rw-r--r--net/netfilter/xt_policy.c2
-rw-r--r--net/netfilter/xt_rateest.c4
-rw-r--r--net/netfilter/xt_sctp.c6
-rw-r--r--net/netfilter/xt_tcpmss.c6
-rw-r--r--net/netfilter/xt_tcpudp.c9
-rw-r--r--net/netfilter/xt_time.c2
21 files changed, 55 insertions, 38 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 965b08a7d738..2510d4fcdb54 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -142,7 +142,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
142} 142}
143 143
144static struct clusterip_config * 144static struct clusterip_config *
145clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip, 145clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip,
146 struct net_device *dev) 146 struct net_device *dev)
147{ 147{
148 struct clusterip_config *c; 148 struct clusterip_config *c;
@@ -416,7 +416,7 @@ clusterip_tg_check(const char *tablename, const void *e_void,
416/* drop reference count of cluster config when rule is deleted */ 416/* drop reference count of cluster config when rule is deleted */
417static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo) 417static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo)
418{ 418{
419 struct ipt_clusterip_tgt_info *cipinfo = targinfo; 419 const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
420 420
421 /* if no more entries are referencing the config, remove it 421 /* if no more entries are referencing the config, remove it
422 * from the list and destroy the proc entry */ 422 * from the list and destroy the proc entry */
@@ -565,7 +565,7 @@ struct clusterip_seq_position {
565 565
566static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) 566static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
567{ 567{
568 struct proc_dir_entry *pde = s->private; 568 const struct proc_dir_entry *pde = s->private;
569 struct clusterip_config *c = pde->data; 569 struct clusterip_config *c = pde->data;
570 unsigned int weight; 570 unsigned int weight;
571 u_int32_t local_nodes; 571 u_int32_t local_nodes;
@@ -592,7 +592,7 @@ static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
592 592
593static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos) 593static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos)
594{ 594{
595 struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v; 595 struct clusterip_seq_position *idx = v;
596 596
597 *pos = ++idx->pos; 597 *pos = ++idx->pos;
598 if (*pos >= idx->weight) { 598 if (*pos >= idx->weight) {
@@ -611,7 +611,7 @@ static void clusterip_seq_stop(struct seq_file *s, void *v)
611 611
612static int clusterip_seq_show(struct seq_file *s, void *v) 612static int clusterip_seq_show(struct seq_file *s, void *v)
613{ 613{
614 struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v; 614 struct clusterip_seq_position *idx = v;
615 615
616 if (idx->pos != 0) 616 if (idx->pos != 0)
617 seq_putc(s, ','); 617 seq_putc(s, ',');
@@ -667,7 +667,7 @@ static ssize_t clusterip_proc_write(struct file *file, const char __user *input,
667{ 667{
668#define PROC_WRITELEN 10 668#define PROC_WRITELEN 10
669 char buffer[PROC_WRITELEN+1]; 669 char buffer[PROC_WRITELEN+1];
670 struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); 670 const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
671 struct clusterip_config *c = pde->data; 671 struct clusterip_config *c = pde->data;
672 unsigned long nodenum; 672 unsigned long nodenum;
673 673
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 21395bc2b27f..d60139c134ca 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -100,7 +100,7 @@ ecn_tg_check(const char *tablename, const void *e_void,
100 const struct xt_target *target, void *targinfo, 100 const struct xt_target *target, void *targinfo,
101 unsigned int hook_mask) 101 unsigned int hook_mask)
102{ 102{
103 const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; 103 const struct ipt_ECN_info *einfo = targinfo;
104 const struct ipt_entry *e = e_void; 104 const struct ipt_entry *e = e_void;
105 105
106 if (einfo->operation & IPT_ECN_OP_MASK) { 106 if (einfo->operation & IPT_ECN_OP_MASK) {
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index c40e233e271b..0af14137137b 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -76,7 +76,8 @@ static void dump_packet(const struct nf_loginfo *info,
76 76
77 if ((logflags & IPT_LOG_IPOPT) 77 if ((logflags & IPT_LOG_IPOPT)
78 && ih->ihl * 4 > sizeof(struct iphdr)) { 78 && ih->ihl * 4 > sizeof(struct iphdr)) {
79 unsigned char _opt[4 * 15 - sizeof(struct iphdr)], *op; 79 const unsigned char *op;
80 unsigned char _opt[4 * 15 - sizeof(struct iphdr)];
80 unsigned int i, optsize; 81 unsigned int i, optsize;
81 82
82 optsize = ih->ihl * 4 - sizeof(struct iphdr); 83 optsize = ih->ihl * 4 - sizeof(struct iphdr);
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 22606e2baa16..2639872849da 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -35,8 +35,10 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv4");
35static void send_reset(struct sk_buff *oldskb, int hook) 35static void send_reset(struct sk_buff *oldskb, int hook)
36{ 36{
37 struct sk_buff *nskb; 37 struct sk_buff *nskb;
38 struct iphdr *oiph, *niph; 38 const struct iphdr *oiph;
39 struct tcphdr _otcph, *oth, *tcph; 39 struct iphdr *niph;
40 const struct tcphdr *oth;
41 struct tcphdr _otcph, *tcph;
40 unsigned int addr_type; 42 unsigned int addr_type;
41 43
42 /* IP header checks: fragment. */ 44 /* IP header checks: fragment. */
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 50e06690eb5b..21cb053f5d7d 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -340,7 +340,7 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
340static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos) 340static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos)
341{ 341{
342 struct recent_iter_state *st = seq->private; 342 struct recent_iter_state *st = seq->private;
343 struct recent_table *t = st->table; 343 const struct recent_table *t = st->table;
344 struct recent_entry *e = v; 344 struct recent_entry *e = v;
345 struct list_head *head = e->list.next; 345 struct list_head *head = e->list.next;
346 346
@@ -361,7 +361,7 @@ static void recent_seq_stop(struct seq_file *s, void *v)
361 361
362static int recent_seq_show(struct seq_file *seq, void *v) 362static int recent_seq_show(struct seq_file *seq, void *v)
363{ 363{
364 struct recent_entry *e = v; 364 const struct recent_entry *e = v;
365 unsigned int i; 365 unsigned int i;
366 366
367 i = (e->index - 1) % ip_pkt_list_tot; 367 i = (e->index - 1) % ip_pkt_list_tot;
@@ -396,7 +396,7 @@ static int recent_seq_open(struct inode *inode, struct file *file)
396static ssize_t recent_proc_write(struct file *file, const char __user *input, 396static ssize_t recent_proc_write(struct file *file, const char __user *input,
397 size_t size, loff_t *loff) 397 size_t size, loff_t *loff)
398{ 398{
399 struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); 399 const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
400 struct recent_table *t = pde->data; 400 struct recent_table *t = pde->data;
401 struct recent_entry *e; 401 struct recent_entry *e;
402 char buf[sizeof("+255.255.255.255")], *c = buf; 402 char buf[sizeof("+255.255.255.255")], *c = buf;
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index e330a2974de1..ebe0c7903ae9 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -143,7 +143,7 @@ static bool ipt_snat_checkentry(const char *tablename,
143 void *targinfo, 143 void *targinfo,
144 unsigned int hook_mask) 144 unsigned int hook_mask)
145{ 145{
146 struct nf_nat_multi_range_compat *mr = targinfo; 146 const struct nf_nat_multi_range_compat *mr = targinfo;
147 147
148 /* Must be a valid range */ 148 /* Must be a valid range */
149 if (mr->rangesize != 1) { 149 if (mr->rangesize != 1) {
@@ -159,7 +159,7 @@ static bool ipt_dnat_checkentry(const char *tablename,
159 void *targinfo, 159 void *targinfo,
160 unsigned int hook_mask) 160 unsigned int hook_mask)
161{ 161{
162 struct nf_nat_multi_range_compat *mr = targinfo; 162 const struct nf_nat_multi_range_compat *mr = targinfo;
163 163
164 /* Must be a valid range */ 164 /* Must be a valid range */
165 if (mr->rangesize != 1) { 165 if (mr->rangesize != 1) {
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index baf829075f6f..44c8d65a2431 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb)
41 struct tcphdr otcph, *tcph; 41 struct tcphdr otcph, *tcph;
42 unsigned int otcplen, hh_len; 42 unsigned int otcplen, hh_len;
43 int tcphoff, needs_ack; 43 int tcphoff, needs_ack;
44 struct ipv6hdr *oip6h = ipv6_hdr(oldskb), *ip6h; 44 const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
45 struct ipv6hdr *ip6h;
45 struct dst_entry *dst = NULL; 46 struct dst_entry *dst = NULL;
46 u8 proto; 47 u8 proto;
47 struct flowi fl; 48 struct flowi fl;
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 3a940171f829..317a8960a757 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in,
49 temp = 0; 49 temp = 0;
50 50
51 while (ip6t_ext_hdr(nexthdr)) { 51 while (ip6t_ext_hdr(nexthdr)) {
52 struct ipv6_opt_hdr _hdr, *hp; 52 const struct ipv6_opt_hdr *hp;
53 struct ipv6_opt_hdr _hdr;
53 int hdrlen; 54 int hdrlen;
54 55
55 /* Is there enough space for the next ext header? */ 56 /* Is there enough space for the next ext header? */
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 12a9efe9886e..81aaf7aaaabf 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in,
110 !!(rtinfo->invflags & IP6T_RT_INV_TYP))); 110 !!(rtinfo->invflags & IP6T_RT_INV_TYP)));
111 111
112 if (ret && (rtinfo->flags & IP6T_RT_RES)) { 112 if (ret && (rtinfo->flags & IP6T_RT_RES)) {
113 u_int32_t *rp, _reserved; 113 const u_int32_t *rp;
114 u_int32_t _reserved;
114 rp = skb_header_pointer(skb, 115 rp = skb_header_pointer(skb,
115 ptr + offsetof(struct rt0_hdr, 116 ptr + offsetof(struct rt0_hdr,
116 reserved), 117 reserved),
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 1faa9136195d..211189eb2b67 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -55,7 +55,7 @@ static void secmark_save(const struct sk_buff *skb)
55static void secmark_restore(struct sk_buff *skb) 55static void secmark_restore(struct sk_buff *skb)
56{ 56{
57 if (!skb->secmark) { 57 if (!skb->secmark) {
58 struct nf_conn *ct; 58 const struct nf_conn *ct;
59 enum ip_conntrack_info ctinfo; 59 enum ip_conntrack_info ctinfo;
60 60
61 ct = nf_ct_get(skb, &ctinfo); 61 ct = nf_ct_get(skb, &ctinfo);
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c
index 24c73ba31eaa..64d6ad380293 100644
--- a/net/netfilter/xt_RATEEST.c
+++ b/net/netfilter/xt_RATEEST.c
@@ -96,7 +96,7 @@ xt_rateest_tg_checkentry(const char *tablename,
96 void *targinfo, 96 void *targinfo,
97 unsigned int hook_mask) 97 unsigned int hook_mask)
98{ 98{
99 struct xt_rateest_target_info *info = (void *)targinfo; 99 struct xt_rateest_target_info *info = targinfo;
100 struct xt_rateest *est; 100 struct xt_rateest *est;
101 struct { 101 struct {
102 struct nlattr opt; 102 struct nlattr opt;
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 3b0111933f60..0ca9fe9da203 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -106,10 +106,10 @@ static int count_them(struct xt_connlimit_data *data,
106 const union nf_inet_addr *mask, 106 const union nf_inet_addr *mask,
107 const struct xt_match *match) 107 const struct xt_match *match)
108{ 108{
109 struct nf_conntrack_tuple_hash *found; 109 const struct nf_conntrack_tuple_hash *found;
110 struct xt_connlimit_conn *conn; 110 struct xt_connlimit_conn *conn;
111 struct xt_connlimit_conn *tmp; 111 struct xt_connlimit_conn *tmp;
112 struct nf_conn *found_ct; 112 const struct nf_conn *found_ct;
113 struct list_head *hash; 113 struct list_head *hash;
114 bool addit = true; 114 bool addit = true;
115 int matches = 0; 115 int matches = 0;
@@ -256,7 +256,7 @@ connlimit_mt_check(const char *tablename, const void *ip,
256static void 256static void
257connlimit_mt_destroy(const struct xt_match *match, void *matchinfo) 257connlimit_mt_destroy(const struct xt_match *match, void *matchinfo)
258{ 258{
259 struct xt_connlimit_info *info = matchinfo; 259 const struct xt_connlimit_info *info = matchinfo;
260 struct xt_connlimit_conn *conn; 260 struct xt_connlimit_conn *conn;
261 struct xt_connlimit_conn *tmp; 261 struct xt_connlimit_conn *tmp;
262 struct list_head *hash = info->data->iphash; 262 struct list_head *hash = info->data->iphash;
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index 667f45e72cd9..8b6522186d9f 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -98,7 +98,8 @@ dccp_mt(const struct sk_buff *skb, const struct net_device *in,
98 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) 98 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
99{ 99{
100 const struct xt_dccp_info *info = matchinfo; 100 const struct xt_dccp_info *info = matchinfo;
101 struct dccp_hdr _dh, *dh; 101 const struct dccp_hdr *dh;
102 struct dccp_hdr _dh;
102 103
103 if (offset) 104 if (offset)
104 return false; 105 return false;
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c
index 71c7c3785266..a133eb9b23e1 100644
--- a/net/netfilter/xt_esp.c
+++ b/net/netfilter/xt_esp.c
@@ -47,7 +47,8 @@ esp_mt(const struct sk_buff *skb, const struct net_device *in,
47 const struct net_device *out, const struct xt_match *match, 47 const struct net_device *out, const struct xt_match *match,
48 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) 48 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
49{ 49{
50 struct ip_esp_hdr _esp, *eh; 50 const struct ip_esp_hdr *eh;
51 struct ip_esp_hdr _esp;
51 const struct xt_esp *espinfo = matchinfo; 52 const struct xt_esp *espinfo = matchinfo;
52 53
53 /* Must not be a fragment. */ 54 /* Must not be a fragment. */
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c
index 31daa8192422..fd88c489b70e 100644
--- a/net/netfilter/xt_multiport.c
+++ b/net/netfilter/xt_multiport.c
@@ -100,7 +100,8 @@ multiport_mt_v0(const struct sk_buff *skb, const struct net_device *in,
100 const void *matchinfo, int offset, unsigned int protoff, 100 const void *matchinfo, int offset, unsigned int protoff,
101 bool *hotdrop) 101 bool *hotdrop)
102{ 102{
103 __be16 _ports[2], *pptr; 103 const __be16 *pptr;
104 __be16 _ports[2];
104 const struct xt_multiport *multiinfo = matchinfo; 105 const struct xt_multiport *multiinfo = matchinfo;
105 106
106 if (offset) 107 if (offset)
@@ -126,7 +127,8 @@ multiport_mt(const struct sk_buff *skb, const struct net_device *in,
126 const void *matchinfo, int offset, unsigned int protoff, 127 const void *matchinfo, int offset, unsigned int protoff,
127 bool *hotdrop) 128 bool *hotdrop)
128{ 129{
129 __be16 _ports[2], *pptr; 130 const __be16 *pptr;
131 __be16 _ports[2];
130 const struct xt_multiport_v1 *multiinfo = matchinfo; 132 const struct xt_multiport_v1 *multiinfo = matchinfo;
131 133
132 if (offset) 134 if (offset)
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index 9e918add2282..d351582b2a3d 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -136,7 +136,7 @@ policy_mt_check(const char *tablename, const void *ip_void,
136 const struct xt_match *match, void *matchinfo, 136 const struct xt_match *match, void *matchinfo,
137 unsigned int hook_mask) 137 unsigned int hook_mask)
138{ 138{
139 struct xt_policy_info *info = matchinfo; 139 const struct xt_policy_info *info = matchinfo;
140 140
141 if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) { 141 if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
142 printk(KERN_ERR "xt_policy: neither incoming nor " 142 printk(KERN_ERR "xt_policy: neither incoming nor "
diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c
index fdb86a515146..ebd84f1b4f62 100644
--- a/net/netfilter/xt_rateest.c
+++ b/net/netfilter/xt_rateest.c
@@ -86,7 +86,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename,
86 void *matchinfo, 86 void *matchinfo,
87 unsigned int hook_mask) 87 unsigned int hook_mask)
88{ 88{
89 struct xt_rateest_match_info *info = (void *)matchinfo; 89 struct xt_rateest_match_info *info = matchinfo;
90 struct xt_rateest *est1, *est2; 90 struct xt_rateest *est1, *est2;
91 91
92 if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS | 92 if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS |
@@ -130,7 +130,7 @@ err1:
130static void xt_rateest_mt_destroy(const struct xt_match *match, 130static void xt_rateest_mt_destroy(const struct xt_match *match,
131 void *matchinfo) 131 void *matchinfo)
132{ 132{
133 struct xt_rateest_match_info *info = (void *)matchinfo; 133 struct xt_rateest_match_info *info = matchinfo;
134 134
135 xt_rateest_put(info->est1); 135 xt_rateest_put(info->est1);
136 if (info->est2) 136 if (info->est2)
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index b718ec64333d..e6e4681fa047 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -46,7 +46,8 @@ match_packet(const struct sk_buff *skb,
46 bool *hotdrop) 46 bool *hotdrop)
47{ 47{
48 u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)]; 48 u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
49 sctp_chunkhdr_t _sch, *sch; 49 const sctp_chunkhdr_t *sch;
50 sctp_chunkhdr_t _sch;
50 int chunk_match_type = info->chunk_match_type; 51 int chunk_match_type = info->chunk_match_type;
51 const struct xt_sctp_flag_info *flag_info = info->flag_info; 52 const struct xt_sctp_flag_info *flag_info = info->flag_info;
52 int flag_count = info->flag_count; 53 int flag_count = info->flag_count;
@@ -121,7 +122,8 @@ sctp_mt(const struct sk_buff *skb, const struct net_device *in,
121 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) 122 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
122{ 123{
123 const struct xt_sctp_info *info = matchinfo; 124 const struct xt_sctp_info *info = matchinfo;
124 sctp_sctphdr_t _sh, *sh; 125 const sctp_sctphdr_t *sh;
126 sctp_sctphdr_t _sh;
125 127
126 if (offset) { 128 if (offset) {
127 duprintf("Dropping non-first fragment.. FIXME\n"); 129 duprintf("Dropping non-first fragment.. FIXME\n");
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c
index d7a5b27fe81e..6771bf01275b 100644
--- a/net/netfilter/xt_tcpmss.c
+++ b/net/netfilter/xt_tcpmss.c
@@ -31,9 +31,11 @@ tcpmss_mt(const struct sk_buff *skb, const struct net_device *in,
31 bool *hotdrop) 31 bool *hotdrop)
32{ 32{
33 const struct xt_tcpmss_match_info *info = matchinfo; 33 const struct xt_tcpmss_match_info *info = matchinfo;
34 struct tcphdr _tcph, *th; 34 const struct tcphdr *th;
35 struct tcphdr _tcph;
35 /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ 36 /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
36 u8 _opt[15 * 4 - sizeof(_tcph)], *op; 37 const u_int8_t *op;
38 u8 _opt[15 * 4 - sizeof(_tcph)];
37 unsigned int i, optlen; 39 unsigned int i, optlen;
38 40
39 /* If we don't have the whole header, drop packet. */ 41 /* If we don't have the whole header, drop packet. */
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index 4fa3b669f691..951b06b8d701 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -42,7 +42,8 @@ tcp_find_option(u_int8_t option,
42 bool *hotdrop) 42 bool *hotdrop)
43{ 43{
44 /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ 44 /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
45 u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; 45 const u_int8_t *op;
46 u_int8_t _opt[60 - sizeof(struct tcphdr)];
46 unsigned int i; 47 unsigned int i;
47 48
48 duprintf("tcp_match: finding option\n"); 49 duprintf("tcp_match: finding option\n");
@@ -72,7 +73,8 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in,
72 const struct net_device *out, const struct xt_match *match, 73 const struct net_device *out, const struct xt_match *match,
73 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) 74 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
74{ 75{
75 struct tcphdr _tcph, *th; 76 const struct tcphdr *th;
77 struct tcphdr _tcph;
76 const struct xt_tcp *tcpinfo = matchinfo; 78 const struct xt_tcp *tcpinfo = matchinfo;
77 79
78 if (offset) { 80 if (offset) {
@@ -144,7 +146,8 @@ udp_mt(const struct sk_buff *skb, const struct net_device *in,
144 const struct net_device *out, const struct xt_match *match, 146 const struct net_device *out, const struct xt_match *match,
145 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) 147 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
146{ 148{
147 struct udphdr _udph, *uh; 149 const struct udphdr *uh;
150 struct udphdr _udph;
148 const struct xt_udp *udpinfo = matchinfo; 151 const struct xt_udp *udpinfo = matchinfo;
149 152
150 /* Must not be a fragment. */ 153 /* Must not be a fragment. */
diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
index 9fa2e0824708..ed76baab4734 100644
--- a/net/netfilter/xt_time.c
+++ b/net/netfilter/xt_time.c
@@ -223,7 +223,7 @@ time_mt_check(const char *tablename, const void *ip,
223 const struct xt_match *match, void *matchinfo, 223 const struct xt_match *match, void *matchinfo,
224 unsigned int hook_mask) 224 unsigned int hook_mask)
225{ 225{
226 struct xt_time_info *info = matchinfo; 226 const struct xt_time_info *info = matchinfo;
227 227
228 if (info->daytime_start > XT_TIME_MAX_DAYTIME || 228 if (info->daytime_start > XT_TIME_MAX_DAYTIME ||
229 info->daytime_stop > XT_TIME_MAX_DAYTIME) { 229 info->daytime_stop > XT_TIME_MAX_DAYTIME) {