diff options
-rw-r--r-- | net/ipv4/netfilter/ipt_CLUSTERIP.c | 12 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ECN.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_LOG.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_REJECT.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_recent.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 3 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_ipv6header.c | 3 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_rt.c | 3 | ||||
-rw-r--r-- | net/netfilter/xt_CONNSECMARK.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_RATEEST.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_connlimit.c | 6 | ||||
-rw-r--r-- | net/netfilter/xt_dccp.c | 3 | ||||
-rw-r--r-- | net/netfilter/xt_esp.c | 3 | ||||
-rw-r--r-- | net/netfilter/xt_multiport.c | 6 | ||||
-rw-r--r-- | net/netfilter/xt_policy.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_rateest.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_sctp.c | 6 | ||||
-rw-r--r-- | net/netfilter/xt_tcpmss.c | 6 | ||||
-rw-r--r-- | net/netfilter/xt_tcpudp.c | 9 | ||||
-rw-r--r-- | net/netfilter/xt_time.c | 2 |
21 files changed, 55 insertions, 38 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 965b08a7d738..2510d4fcdb54 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -142,7 +142,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c, | |||
142 | } | 142 | } |
143 | 143 | ||
144 | static struct clusterip_config * | 144 | static struct clusterip_config * |
145 | clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip, | 145 | clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip, |
146 | struct net_device *dev) | 146 | struct net_device *dev) |
147 | { | 147 | { |
148 | struct clusterip_config *c; | 148 | struct clusterip_config *c; |
@@ -416,7 +416,7 @@ clusterip_tg_check(const char *tablename, const void *e_void, | |||
416 | /* drop reference count of cluster config when rule is deleted */ | 416 | /* drop reference count of cluster config when rule is deleted */ |
417 | static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo) | 417 | static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo) |
418 | { | 418 | { |
419 | struct ipt_clusterip_tgt_info *cipinfo = targinfo; | 419 | const struct ipt_clusterip_tgt_info *cipinfo = targinfo; |
420 | 420 | ||
421 | /* if no more entries are referencing the config, remove it | 421 | /* if no more entries are referencing the config, remove it |
422 | * from the list and destroy the proc entry */ | 422 | * from the list and destroy the proc entry */ |
@@ -565,7 +565,7 @@ struct clusterip_seq_position { | |||
565 | 565 | ||
566 | static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) | 566 | static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) |
567 | { | 567 | { |
568 | struct proc_dir_entry *pde = s->private; | 568 | const struct proc_dir_entry *pde = s->private; |
569 | struct clusterip_config *c = pde->data; | 569 | struct clusterip_config *c = pde->data; |
570 | unsigned int weight; | 570 | unsigned int weight; |
571 | u_int32_t local_nodes; | 571 | u_int32_t local_nodes; |
@@ -592,7 +592,7 @@ static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) | |||
592 | 592 | ||
593 | static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos) | 593 | static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos) |
594 | { | 594 | { |
595 | struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v; | 595 | struct clusterip_seq_position *idx = v; |
596 | 596 | ||
597 | *pos = ++idx->pos; | 597 | *pos = ++idx->pos; |
598 | if (*pos >= idx->weight) { | 598 | if (*pos >= idx->weight) { |
@@ -611,7 +611,7 @@ static void clusterip_seq_stop(struct seq_file *s, void *v) | |||
611 | 611 | ||
612 | static int clusterip_seq_show(struct seq_file *s, void *v) | 612 | static int clusterip_seq_show(struct seq_file *s, void *v) |
613 | { | 613 | { |
614 | struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v; | 614 | struct clusterip_seq_position *idx = v; |
615 | 615 | ||
616 | if (idx->pos != 0) | 616 | if (idx->pos != 0) |
617 | seq_putc(s, ','); | 617 | seq_putc(s, ','); |
@@ -667,7 +667,7 @@ static ssize_t clusterip_proc_write(struct file *file, const char __user *input, | |||
667 | { | 667 | { |
668 | #define PROC_WRITELEN 10 | 668 | #define PROC_WRITELEN 10 |
669 | char buffer[PROC_WRITELEN+1]; | 669 | char buffer[PROC_WRITELEN+1]; |
670 | struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); | 670 | const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); |
671 | struct clusterip_config *c = pde->data; | 671 | struct clusterip_config *c = pde->data; |
672 | unsigned long nodenum; | 672 | unsigned long nodenum; |
673 | 673 | ||
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 21395bc2b27f..d60139c134ca 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -100,7 +100,7 @@ ecn_tg_check(const char *tablename, const void *e_void, | |||
100 | const struct xt_target *target, void *targinfo, | 100 | const struct xt_target *target, void *targinfo, |
101 | unsigned int hook_mask) | 101 | unsigned int hook_mask) |
102 | { | 102 | { |
103 | const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; | 103 | const struct ipt_ECN_info *einfo = targinfo; |
104 | const struct ipt_entry *e = e_void; | 104 | const struct ipt_entry *e = e_void; |
105 | 105 | ||
106 | if (einfo->operation & IPT_ECN_OP_MASK) { | 106 | if (einfo->operation & IPT_ECN_OP_MASK) { |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index c40e233e271b..0af14137137b 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -76,7 +76,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
76 | 76 | ||
77 | if ((logflags & IPT_LOG_IPOPT) | 77 | if ((logflags & IPT_LOG_IPOPT) |
78 | && ih->ihl * 4 > sizeof(struct iphdr)) { | 78 | && ih->ihl * 4 > sizeof(struct iphdr)) { |
79 | unsigned char _opt[4 * 15 - sizeof(struct iphdr)], *op; | 79 | const unsigned char *op; |
80 | unsigned char _opt[4 * 15 - sizeof(struct iphdr)]; | ||
80 | unsigned int i, optsize; | 81 | unsigned int i, optsize; |
81 | 82 | ||
82 | optsize = ih->ihl * 4 - sizeof(struct iphdr); | 83 | optsize = ih->ihl * 4 - sizeof(struct iphdr); |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index 22606e2baa16..2639872849da 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -35,8 +35,10 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv4"); | |||
35 | static void send_reset(struct sk_buff *oldskb, int hook) | 35 | static void send_reset(struct sk_buff *oldskb, int hook) |
36 | { | 36 | { |
37 | struct sk_buff *nskb; | 37 | struct sk_buff *nskb; |
38 | struct iphdr *oiph, *niph; | 38 | const struct iphdr *oiph; |
39 | struct tcphdr _otcph, *oth, *tcph; | 39 | struct iphdr *niph; |
40 | const struct tcphdr *oth; | ||
41 | struct tcphdr _otcph, *tcph; | ||
40 | unsigned int addr_type; | 42 | unsigned int addr_type; |
41 | 43 | ||
42 | /* IP header checks: fragment. */ | 44 | /* IP header checks: fragment. */ |
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index 50e06690eb5b..21cb053f5d7d 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c | |||
@@ -340,7 +340,7 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos) | |||
340 | static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos) | 340 | static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
341 | { | 341 | { |
342 | struct recent_iter_state *st = seq->private; | 342 | struct recent_iter_state *st = seq->private; |
343 | struct recent_table *t = st->table; | 343 | const struct recent_table *t = st->table; |
344 | struct recent_entry *e = v; | 344 | struct recent_entry *e = v; |
345 | struct list_head *head = e->list.next; | 345 | struct list_head *head = e->list.next; |
346 | 346 | ||
@@ -361,7 +361,7 @@ static void recent_seq_stop(struct seq_file *s, void *v) | |||
361 | 361 | ||
362 | static int recent_seq_show(struct seq_file *seq, void *v) | 362 | static int recent_seq_show(struct seq_file *seq, void *v) |
363 | { | 363 | { |
364 | struct recent_entry *e = v; | 364 | const struct recent_entry *e = v; |
365 | unsigned int i; | 365 | unsigned int i; |
366 | 366 | ||
367 | i = (e->index - 1) % ip_pkt_list_tot; | 367 | i = (e->index - 1) % ip_pkt_list_tot; |
@@ -396,7 +396,7 @@ static int recent_seq_open(struct inode *inode, struct file *file) | |||
396 | static ssize_t recent_proc_write(struct file *file, const char __user *input, | 396 | static ssize_t recent_proc_write(struct file *file, const char __user *input, |
397 | size_t size, loff_t *loff) | 397 | size_t size, loff_t *loff) |
398 | { | 398 | { |
399 | struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); | 399 | const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); |
400 | struct recent_table *t = pde->data; | 400 | struct recent_table *t = pde->data; |
401 | struct recent_entry *e; | 401 | struct recent_entry *e; |
402 | char buf[sizeof("+255.255.255.255")], *c = buf; | 402 | char buf[sizeof("+255.255.255.255")], *c = buf; |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index e330a2974de1..ebe0c7903ae9 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -143,7 +143,7 @@ static bool ipt_snat_checkentry(const char *tablename, | |||
143 | void *targinfo, | 143 | void *targinfo, |
144 | unsigned int hook_mask) | 144 | unsigned int hook_mask) |
145 | { | 145 | { |
146 | struct nf_nat_multi_range_compat *mr = targinfo; | 146 | const struct nf_nat_multi_range_compat *mr = targinfo; |
147 | 147 | ||
148 | /* Must be a valid range */ | 148 | /* Must be a valid range */ |
149 | if (mr->rangesize != 1) { | 149 | if (mr->rangesize != 1) { |
@@ -159,7 +159,7 @@ static bool ipt_dnat_checkentry(const char *tablename, | |||
159 | void *targinfo, | 159 | void *targinfo, |
160 | unsigned int hook_mask) | 160 | unsigned int hook_mask) |
161 | { | 161 | { |
162 | struct nf_nat_multi_range_compat *mr = targinfo; | 162 | const struct nf_nat_multi_range_compat *mr = targinfo; |
163 | 163 | ||
164 | /* Must be a valid range */ | 164 | /* Must be a valid range */ |
165 | if (mr->rangesize != 1) { | 165 | if (mr->rangesize != 1) { |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index baf829075f6f..44c8d65a2431 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb) | |||
41 | struct tcphdr otcph, *tcph; | 41 | struct tcphdr otcph, *tcph; |
42 | unsigned int otcplen, hh_len; | 42 | unsigned int otcplen, hh_len; |
43 | int tcphoff, needs_ack; | 43 | int tcphoff, needs_ack; |
44 | struct ipv6hdr *oip6h = ipv6_hdr(oldskb), *ip6h; | 44 | const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); |
45 | struct ipv6hdr *ip6h; | ||
45 | struct dst_entry *dst = NULL; | 46 | struct dst_entry *dst = NULL; |
46 | u8 proto; | 47 | u8 proto; |
47 | struct flowi fl; | 48 | struct flowi fl; |
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 3a940171f829..317a8960a757 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
@@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in, | |||
49 | temp = 0; | 49 | temp = 0; |
50 | 50 | ||
51 | while (ip6t_ext_hdr(nexthdr)) { | 51 | while (ip6t_ext_hdr(nexthdr)) { |
52 | struct ipv6_opt_hdr _hdr, *hp; | 52 | const struct ipv6_opt_hdr *hp; |
53 | struct ipv6_opt_hdr _hdr; | ||
53 | int hdrlen; | 54 | int hdrlen; |
54 | 55 | ||
55 | /* Is there enough space for the next ext header? */ | 56 | /* Is there enough space for the next ext header? */ |
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 12a9efe9886e..81aaf7aaaabf 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in, | |||
110 | !!(rtinfo->invflags & IP6T_RT_INV_TYP))); | 110 | !!(rtinfo->invflags & IP6T_RT_INV_TYP))); |
111 | 111 | ||
112 | if (ret && (rtinfo->flags & IP6T_RT_RES)) { | 112 | if (ret && (rtinfo->flags & IP6T_RT_RES)) { |
113 | u_int32_t *rp, _reserved; | 113 | const u_int32_t *rp; |
114 | u_int32_t _reserved; | ||
114 | rp = skb_header_pointer(skb, | 115 | rp = skb_header_pointer(skb, |
115 | ptr + offsetof(struct rt0_hdr, | 116 | ptr + offsetof(struct rt0_hdr, |
116 | reserved), | 117 | reserved), |
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c index 1faa9136195d..211189eb2b67 100644 --- a/net/netfilter/xt_CONNSECMARK.c +++ b/net/netfilter/xt_CONNSECMARK.c | |||
@@ -55,7 +55,7 @@ static void secmark_save(const struct sk_buff *skb) | |||
55 | static void secmark_restore(struct sk_buff *skb) | 55 | static void secmark_restore(struct sk_buff *skb) |
56 | { | 56 | { |
57 | if (!skb->secmark) { | 57 | if (!skb->secmark) { |
58 | struct nf_conn *ct; | 58 | const struct nf_conn *ct; |
59 | enum ip_conntrack_info ctinfo; | 59 | enum ip_conntrack_info ctinfo; |
60 | 60 | ||
61 | ct = nf_ct_get(skb, &ctinfo); | 61 | ct = nf_ct_get(skb, &ctinfo); |
diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c index 24c73ba31eaa..64d6ad380293 100644 --- a/net/netfilter/xt_RATEEST.c +++ b/net/netfilter/xt_RATEEST.c | |||
@@ -96,7 +96,7 @@ xt_rateest_tg_checkentry(const char *tablename, | |||
96 | void *targinfo, | 96 | void *targinfo, |
97 | unsigned int hook_mask) | 97 | unsigned int hook_mask) |
98 | { | 98 | { |
99 | struct xt_rateest_target_info *info = (void *)targinfo; | 99 | struct xt_rateest_target_info *info = targinfo; |
100 | struct xt_rateest *est; | 100 | struct xt_rateest *est; |
101 | struct { | 101 | struct { |
102 | struct nlattr opt; | 102 | struct nlattr opt; |
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index 3b0111933f60..0ca9fe9da203 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c | |||
@@ -106,10 +106,10 @@ static int count_them(struct xt_connlimit_data *data, | |||
106 | const union nf_inet_addr *mask, | 106 | const union nf_inet_addr *mask, |
107 | const struct xt_match *match) | 107 | const struct xt_match *match) |
108 | { | 108 | { |
109 | struct nf_conntrack_tuple_hash *found; | 109 | const struct nf_conntrack_tuple_hash *found; |
110 | struct xt_connlimit_conn *conn; | 110 | struct xt_connlimit_conn *conn; |
111 | struct xt_connlimit_conn *tmp; | 111 | struct xt_connlimit_conn *tmp; |
112 | struct nf_conn *found_ct; | 112 | const struct nf_conn *found_ct; |
113 | struct list_head *hash; | 113 | struct list_head *hash; |
114 | bool addit = true; | 114 | bool addit = true; |
115 | int matches = 0; | 115 | int matches = 0; |
@@ -256,7 +256,7 @@ connlimit_mt_check(const char *tablename, const void *ip, | |||
256 | static void | 256 | static void |
257 | connlimit_mt_destroy(const struct xt_match *match, void *matchinfo) | 257 | connlimit_mt_destroy(const struct xt_match *match, void *matchinfo) |
258 | { | 258 | { |
259 | struct xt_connlimit_info *info = matchinfo; | 259 | const struct xt_connlimit_info *info = matchinfo; |
260 | struct xt_connlimit_conn *conn; | 260 | struct xt_connlimit_conn *conn; |
261 | struct xt_connlimit_conn *tmp; | 261 | struct xt_connlimit_conn *tmp; |
262 | struct list_head *hash = info->data->iphash; | 262 | struct list_head *hash = info->data->iphash; |
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 667f45e72cd9..8b6522186d9f 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c | |||
@@ -98,7 +98,8 @@ dccp_mt(const struct sk_buff *skb, const struct net_device *in, | |||
98 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) | 98 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) |
99 | { | 99 | { |
100 | const struct xt_dccp_info *info = matchinfo; | 100 | const struct xt_dccp_info *info = matchinfo; |
101 | struct dccp_hdr _dh, *dh; | 101 | const struct dccp_hdr *dh; |
102 | struct dccp_hdr _dh; | ||
102 | 103 | ||
103 | if (offset) | 104 | if (offset) |
104 | return false; | 105 | return false; |
diff --git a/net/netfilter/xt_esp.c b/net/netfilter/xt_esp.c index 71c7c3785266..a133eb9b23e1 100644 --- a/net/netfilter/xt_esp.c +++ b/net/netfilter/xt_esp.c | |||
@@ -47,7 +47,8 @@ esp_mt(const struct sk_buff *skb, const struct net_device *in, | |||
47 | const struct net_device *out, const struct xt_match *match, | 47 | const struct net_device *out, const struct xt_match *match, |
48 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) | 48 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) |
49 | { | 49 | { |
50 | struct ip_esp_hdr _esp, *eh; | 50 | const struct ip_esp_hdr *eh; |
51 | struct ip_esp_hdr _esp; | ||
51 | const struct xt_esp *espinfo = matchinfo; | 52 | const struct xt_esp *espinfo = matchinfo; |
52 | 53 | ||
53 | /* Must not be a fragment. */ | 54 | /* Must not be a fragment. */ |
diff --git a/net/netfilter/xt_multiport.c b/net/netfilter/xt_multiport.c index 31daa8192422..fd88c489b70e 100644 --- a/net/netfilter/xt_multiport.c +++ b/net/netfilter/xt_multiport.c | |||
@@ -100,7 +100,8 @@ multiport_mt_v0(const struct sk_buff *skb, const struct net_device *in, | |||
100 | const void *matchinfo, int offset, unsigned int protoff, | 100 | const void *matchinfo, int offset, unsigned int protoff, |
101 | bool *hotdrop) | 101 | bool *hotdrop) |
102 | { | 102 | { |
103 | __be16 _ports[2], *pptr; | 103 | const __be16 *pptr; |
104 | __be16 _ports[2]; | ||
104 | const struct xt_multiport *multiinfo = matchinfo; | 105 | const struct xt_multiport *multiinfo = matchinfo; |
105 | 106 | ||
106 | if (offset) | 107 | if (offset) |
@@ -126,7 +127,8 @@ multiport_mt(const struct sk_buff *skb, const struct net_device *in, | |||
126 | const void *matchinfo, int offset, unsigned int protoff, | 127 | const void *matchinfo, int offset, unsigned int protoff, |
127 | bool *hotdrop) | 128 | bool *hotdrop) |
128 | { | 129 | { |
129 | __be16 _ports[2], *pptr; | 130 | const __be16 *pptr; |
131 | __be16 _ports[2]; | ||
130 | const struct xt_multiport_v1 *multiinfo = matchinfo; | 132 | const struct xt_multiport_v1 *multiinfo = matchinfo; |
131 | 133 | ||
132 | if (offset) | 134 | if (offset) |
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 9e918add2282..d351582b2a3d 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c | |||
@@ -136,7 +136,7 @@ policy_mt_check(const char *tablename, const void *ip_void, | |||
136 | const struct xt_match *match, void *matchinfo, | 136 | const struct xt_match *match, void *matchinfo, |
137 | unsigned int hook_mask) | 137 | unsigned int hook_mask) |
138 | { | 138 | { |
139 | struct xt_policy_info *info = matchinfo; | 139 | const struct xt_policy_info *info = matchinfo; |
140 | 140 | ||
141 | if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) { | 141 | if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) { |
142 | printk(KERN_ERR "xt_policy: neither incoming nor " | 142 | printk(KERN_ERR "xt_policy: neither incoming nor " |
diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c index fdb86a515146..ebd84f1b4f62 100644 --- a/net/netfilter/xt_rateest.c +++ b/net/netfilter/xt_rateest.c | |||
@@ -86,7 +86,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename, | |||
86 | void *matchinfo, | 86 | void *matchinfo, |
87 | unsigned int hook_mask) | 87 | unsigned int hook_mask) |
88 | { | 88 | { |
89 | struct xt_rateest_match_info *info = (void *)matchinfo; | 89 | struct xt_rateest_match_info *info = matchinfo; |
90 | struct xt_rateest *est1, *est2; | 90 | struct xt_rateest *est1, *est2; |
91 | 91 | ||
92 | if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS | | 92 | if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS | |
@@ -130,7 +130,7 @@ err1: | |||
130 | static void xt_rateest_mt_destroy(const struct xt_match *match, | 130 | static void xt_rateest_mt_destroy(const struct xt_match *match, |
131 | void *matchinfo) | 131 | void *matchinfo) |
132 | { | 132 | { |
133 | struct xt_rateest_match_info *info = (void *)matchinfo; | 133 | struct xt_rateest_match_info *info = matchinfo; |
134 | 134 | ||
135 | xt_rateest_put(info->est1); | 135 | xt_rateest_put(info->est1); |
136 | if (info->est2) | 136 | if (info->est2) |
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index b718ec64333d..e6e4681fa047 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c | |||
@@ -46,7 +46,8 @@ match_packet(const struct sk_buff *skb, | |||
46 | bool *hotdrop) | 46 | bool *hotdrop) |
47 | { | 47 | { |
48 | u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)]; | 48 | u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)]; |
49 | sctp_chunkhdr_t _sch, *sch; | 49 | const sctp_chunkhdr_t *sch; |
50 | sctp_chunkhdr_t _sch; | ||
50 | int chunk_match_type = info->chunk_match_type; | 51 | int chunk_match_type = info->chunk_match_type; |
51 | const struct xt_sctp_flag_info *flag_info = info->flag_info; | 52 | const struct xt_sctp_flag_info *flag_info = info->flag_info; |
52 | int flag_count = info->flag_count; | 53 | int flag_count = info->flag_count; |
@@ -121,7 +122,8 @@ sctp_mt(const struct sk_buff *skb, const struct net_device *in, | |||
121 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) | 122 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) |
122 | { | 123 | { |
123 | const struct xt_sctp_info *info = matchinfo; | 124 | const struct xt_sctp_info *info = matchinfo; |
124 | sctp_sctphdr_t _sh, *sh; | 125 | const sctp_sctphdr_t *sh; |
126 | sctp_sctphdr_t _sh; | ||
125 | 127 | ||
126 | if (offset) { | 128 | if (offset) { |
127 | duprintf("Dropping non-first fragment.. FIXME\n"); | 129 | duprintf("Dropping non-first fragment.. FIXME\n"); |
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index d7a5b27fe81e..6771bf01275b 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c | |||
@@ -31,9 +31,11 @@ tcpmss_mt(const struct sk_buff *skb, const struct net_device *in, | |||
31 | bool *hotdrop) | 31 | bool *hotdrop) |
32 | { | 32 | { |
33 | const struct xt_tcpmss_match_info *info = matchinfo; | 33 | const struct xt_tcpmss_match_info *info = matchinfo; |
34 | struct tcphdr _tcph, *th; | 34 | const struct tcphdr *th; |
35 | struct tcphdr _tcph; | ||
35 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ | 36 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
36 | u8 _opt[15 * 4 - sizeof(_tcph)], *op; | 37 | const u_int8_t *op; |
38 | u8 _opt[15 * 4 - sizeof(_tcph)]; | ||
37 | unsigned int i, optlen; | 39 | unsigned int i, optlen; |
38 | 40 | ||
39 | /* If we don't have the whole header, drop packet. */ | 41 | /* If we don't have the whole header, drop packet. */ |
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index 4fa3b669f691..951b06b8d701 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c | |||
@@ -42,7 +42,8 @@ tcp_find_option(u_int8_t option, | |||
42 | bool *hotdrop) | 42 | bool *hotdrop) |
43 | { | 43 | { |
44 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ | 44 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
45 | u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; | 45 | const u_int8_t *op; |
46 | u_int8_t _opt[60 - sizeof(struct tcphdr)]; | ||
46 | unsigned int i; | 47 | unsigned int i; |
47 | 48 | ||
48 | duprintf("tcp_match: finding option\n"); | 49 | duprintf("tcp_match: finding option\n"); |
@@ -72,7 +73,8 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in, | |||
72 | const struct net_device *out, const struct xt_match *match, | 73 | const struct net_device *out, const struct xt_match *match, |
73 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) | 74 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) |
74 | { | 75 | { |
75 | struct tcphdr _tcph, *th; | 76 | const struct tcphdr *th; |
77 | struct tcphdr _tcph; | ||
76 | const struct xt_tcp *tcpinfo = matchinfo; | 78 | const struct xt_tcp *tcpinfo = matchinfo; |
77 | 79 | ||
78 | if (offset) { | 80 | if (offset) { |
@@ -144,7 +146,8 @@ udp_mt(const struct sk_buff *skb, const struct net_device *in, | |||
144 | const struct net_device *out, const struct xt_match *match, | 146 | const struct net_device *out, const struct xt_match *match, |
145 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) | 147 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) |
146 | { | 148 | { |
147 | struct udphdr _udph, *uh; | 149 | const struct udphdr *uh; |
150 | struct udphdr _udph; | ||
148 | const struct xt_udp *udpinfo = matchinfo; | 151 | const struct xt_udp *udpinfo = matchinfo; |
149 | 152 | ||
150 | /* Must not be a fragment. */ | 153 | /* Must not be a fragment. */ |
diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c index 9fa2e0824708..ed76baab4734 100644 --- a/net/netfilter/xt_time.c +++ b/net/netfilter/xt_time.c | |||
@@ -223,7 +223,7 @@ time_mt_check(const char *tablename, const void *ip, | |||
223 | const struct xt_match *match, void *matchinfo, | 223 | const struct xt_match *match, void *matchinfo, |
224 | unsigned int hook_mask) | 224 | unsigned int hook_mask) |
225 | { | 225 | { |
226 | struct xt_time_info *info = matchinfo; | 226 | const struct xt_time_info *info = matchinfo; |
227 | 227 | ||
228 | if (info->daytime_start > XT_TIME_MAX_DAYTIME || | 228 | if (info->daytime_start > XT_TIME_MAX_DAYTIME || |
229 | info->daytime_stop > XT_TIME_MAX_DAYTIME) { | 229 | info->daytime_stop > XT_TIME_MAX_DAYTIME) { |