-rw-r--r-- | include/linux/netfilter/x_tables.h | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 31 | ||||
-rw-r--r-- | net/ipv4/netfilter/arpt_mangle.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 31 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 29 | ||||
-rw-r--r-- | net/netfilter/x_tables.c | 18 |
6 files changed, 59 insertions, 56 deletions
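--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -430,13 +430,13 @@ extern int xt_compat_add_offset(int af, unsigned int offset, short delta);
 extern void xt_compat_flush_offsets(int af);
 extern short xt_compat_calc_jump(int af, unsigned int offset);
 
-extern int xt_compat_match_offset(struct xt_match *match);
+extern int xt_compat_match_offset(const struct xt_match *match);
 extern int xt_compat_match_from_user(struct xt_entry_match *m,
 void **dstptr, unsigned int *size);
 extern int xt_compat_match_to_user(struct xt_entry_match *m,
 void __user **dstptr, unsigned int *size);
 
-extern int xt_compat_target_offset(struct xt_target *target);
+extern int xt_compat_target_offset(const struct xt_target *target);
 extern void xt_compat_target_from_user(struct xt_entry_target *t,
 void **dstptr, unsigned int *size);
 extern int xt_compat_target_to_user(struct xt_entry_target *t,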
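--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -59,7 +59,7 @@ do { \
 #endif
 
 static inline int arp_devaddr_compare(const struct arpt_devaddr_info *ap,
-char *hdr_addr, int len)
+const char *hdr_addr, int len)
 {
 int i, ret;
 
@@ -80,8 +80,8 @@ static inline int arp_packet_match(const struct arphdr *arphdr,
 const char *outdev,
 const struct arpt_arp *arpinfo)
 {
-char *arpptr = (char *)(arphdr + 1);
-char *src_devaddr, *tgt_devaddr;
+const char *arpptr = (char *)(arphdr + 1);
+const char *src_devaddr, *tgt_devaddr;
 __be32 src_ipaddr, tgt_ipaddr;
 int i, ret;
 
@@ -226,12 +226,12 @@ unsigned int arpt_do_table(struct sk_buff *skb,
 {
 static const char nulldevname[IFNAMSIZ];
 unsigned int verdict = NF_DROP;
-struct arphdr *arp;
+const struct arphdr *arp;
 bool hotdrop = false;
 struct arpt_entry *e, *back;
 const char *indev, *outdev;
 void *table_base;
-struct xt_table_info *private;
+const struct xt_table_info *private;
 
 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
 return NF_DROP;
@@ -352,7 +352,7 @@ static int mark_source_chains(struct xt_table_info *newinfo,
 e->counters.pcnt = pos;
 
 for (;;) {
-struct arpt_standard_target *t
+const struct arpt_standard_target *t
 = (void *)arpt_get_target(e);
 int visited = e->comefrom & (1 << hook);
 
@@ -437,7 +437,7 @@ static int mark_source_chains(struct xt_table_info *newinfo,
 
 static inline int check_entry(struct arpt_entry *e, const char *name)
 {
-struct arpt_entry_target *t;
+const struct arpt_entry_target *t;
 
 if (!arp_checkentry(&e->arp)) {
 duprintf("arp_tables: arp check failed %p %s.\n", e, name);
@@ -710,7 +710,7 @@ static inline struct xt_counters *alloc_counters(struct arpt_table *table)
 {
 unsigned int countersize;
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 
 /* We need atomic snapshot of counters: rest doesn't change
 * (other than comefrom, which userspace doesn't care
@@ -737,7 +737,7 @@ static int copy_entries_to_user(unsigned int total_size,
 unsigned int off, num;
 struct arpt_entry *e;
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 int ret = 0;
 void *loc_cpu_entry;
 
@@ -872,7 +872,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 "arptable_%s", name);
 if (t && !IS_ERR(t)) {
 struct arpt_getinfo info;
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
 
 #ifdef CONFIG_COMPAT
 if (compat) {
@@ -927,7 +927,8 @@ static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
 
 t = xt_find_table_lock(net, NF_ARP, get.name);
 if (t && !IS_ERR(t)) {
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
+
 duprintf("t->private->number = %u\n",
 private->number);
 if (get.size == private->size)
@@ -1087,11 +1088,11 @@ static int do_add_counters(struct net *net, void __user *user, unsigned int len,
 struct xt_counters_info tmp;
 struct xt_counters *paddc;
 unsigned int num_counters;
-char *name;
+const char *name;
 int size;
 void *ptmp;
 struct arpt_table *t;
-struct xt_table_info *private;
+const struct xt_table_info *private;
 int ret = 0;
 void *loc_cpu_entry;
 #ifdef CONFIG_COMPAT
@@ -1558,7 +1559,7 @@ static int compat_copy_entries_to_user(unsigned int total_size,
 void __user *userptr)
 {
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 void __user *pos;
 unsigned int size;
 int ret = 0;
@@ -1609,7 +1610,7 @@ static int compat_get_entries(struct net *net,
 xt_compat_lock(NF_ARP);
 t = xt_find_table_lock(net, NF_ARP, get.name);
 if (t && !IS_ERR(t)) {
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
 struct xt_table_info info;
 
 duprintf("t->private->number = %u\n", private->number);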
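Review bot: The initialiser at new line 83 of arp_packet_match still casts through a non-const type: `const char *arpptr = (char *)(arphdr + 1);` strips the qualifier from the `const struct arphdr *arphdr` parameter before the assignment puts it back. Writing it as `const char *arpptr = (const char *)(arphdr + 1);` keeps the packet header read-only through the whole expression and stays clean under `-Wcast-qual`. The function body continues outside the hunk.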
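--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -15,7 +15,7 @@ target(struct sk_buff *skb,
 const void *targinfo)
 {
 const struct arpt_mangle *mangle = targinfo;
-struct arphdr *arp;
+const struct arphdr *arp;
 unsigned char *arpptr;
 int pln, hln;
 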
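--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -296,7 +296,7 @@ static void trace_packet(struct sk_buff *skb,
 struct ipt_entry *e)
 {
 void *table_base;
-struct ipt_entry *root;
+const struct ipt_entry *root;
 char *hookname, *chainname, *comment;
 unsigned int rulenum = 0;
 
@@ -327,7 +327,7 @@ ipt_do_table(struct sk_buff *skb,
 {
 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
 u_int16_t offset;
-struct iphdr *ip;
+const struct iphdr *ip;
 u_int16_t datalen;
 bool hotdrop = false;
 /* Initializing verdict to NF_DROP keeps gcc happy. */
@@ -926,7 +926,7 @@ static struct xt_counters * alloc_counters(struct xt_table *table)
 {
 unsigned int countersize;
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 
 /* We need atomic snapshot of counters: rest doesn't change
 (other than comefrom, which userspace doesn't care
@@ -953,9 +953,9 @@ copy_entries_to_user(unsigned int total_size,
 unsigned int off, num;
 struct ipt_entry *e;
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 int ret = 0;
-void *loc_cpu_entry;
+const void *loc_cpu_entry;
 
 counters = alloc_counters(table);
 if (IS_ERR(counters))
@@ -975,8 +975,8 @@ copy_entries_to_user(unsigned int total_size,
 /* ... then go back and fix counters and names */
 for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
 unsigned int i;
-struct ipt_entry_match *m;
-struct ipt_entry_target *t;
+const struct ipt_entry_match *m;
+const struct ipt_entry_target *t;
 
 e = (struct ipt_entry *)(loc_cpu_entry + off);
 if (copy_to_user(userptr + off
@@ -1116,7 +1116,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 "iptable_%s", name);
 if (t && !IS_ERR(t)) {
 struct ipt_getinfo info;
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
 
 #ifdef CONFIG_COMPAT
 if (compat) {
@@ -1172,7 +1172,7 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr, int *len)
 
 t = xt_find_table_lock(net, AF_INET, get.name);
 if (t && !IS_ERR(t)) {
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
 duprintf("t->private->number = %u\n", private->number);
 if (get.size == private->size)
 ret = copy_entries_to_user(private->size,
@@ -1337,11 +1337,11 @@ do_add_counters(struct net *net, void __user *user, unsigned int len, int compat
 struct xt_counters_info tmp;
 struct xt_counters *paddc;
 unsigned int num_counters;
-char *name;
+const char *name;
 int size;
 void *ptmp;
 struct xt_table *t;
-struct xt_table_info *private;
+const struct xt_table_info *private;
 int ret = 0;
 void *loc_cpu_entry;
 #ifdef CONFIG_COMPAT
@@ -1878,11 +1878,11 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
 void __user *userptr)
 {
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 void __user *pos;
 unsigned int size;
 int ret = 0;
-void *loc_cpu_entry;
+const void *loc_cpu_entry;
 unsigned int i = 0;
 
 counters = alloc_counters(table);
@@ -1929,7 +1929,7 @@ compat_get_entries(struct net *net, struct compat_ipt_get_entries __user *uptr,
 xt_compat_lock(AF_INET);
 t = xt_find_table_lock(net, AF_INET, get.name);
 if (t && !IS_ERR(t)) {
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
 struct xt_table_info info;
 duprintf("t->private->number = %u\n", private->number);
 ret = compat_table_info(private, &info);
@@ -2130,7 +2130,8 @@ icmp_match(const struct sk_buff *skb,
 unsigned int protoff,
 bool *hotdrop)
 {
-struct icmphdr _icmph, *ic;
+const struct icmphdr *ic;
+struct icmphdr _icmph;
 const struct ipt_icmp *icmpinfo = matchinfo;
 
 /* Must not be a fragment. */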
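Review bot: In copy_entries_to_user, `loc_cpu_entry` becomes `const void *` at new line 958, but new line 981 discards the qualifier again with `e = (struct ipt_entry *)(loc_cpu_entry + off);`, and `e` is still declared `struct ipt_entry *e;` at line 954. Declaring `const struct ipt_entry *e;` and casting with `(const struct ipt_entry *)` would let the compiler enforce that this copy-out path, which hands kernel rule memory to userspace, never writes to the live table. The loop body continues outside the hunk, so confirm nothing below writes through `e` before tightening it. The same pattern is present in copy_entries_to_user in net/ipv6/netfilter/ip6_tables.c (new lines 980 to 1007).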
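--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -325,7 +325,7 @@ static void trace_packet(struct sk_buff *skb,
 struct ip6t_entry *e)
 {
 void *table_base;
-struct ip6t_entry *root;
+const struct ip6t_entry *root;
 char *hookname, *chainname, *comment;
 unsigned int rulenum = 0;
 
@@ -952,7 +952,7 @@ static struct xt_counters *alloc_counters(struct xt_table *table)
 {
 unsigned int countersize;
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 
 /* We need atomic snapshot of counters: rest doesn't change
 (other than comefrom, which userspace doesn't care
@@ -979,9 +979,9 @@ copy_entries_to_user(unsigned int total_size,
 unsigned int off, num;
 struct ip6t_entry *e;
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 int ret = 0;
-void *loc_cpu_entry;
+const void *loc_cpu_entry;
 
 counters = alloc_counters(table);
 if (IS_ERR(counters))
@@ -1001,8 +1001,8 @@ copy_entries_to_user(unsigned int total_size,
 /* ... then go back and fix counters and names */
 for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
 unsigned int i;
-struct ip6t_entry_match *m;
-struct ip6t_entry_target *t;
+const struct ip6t_entry_match *m;
+const struct ip6t_entry_target *t;
 
 e = (struct ip6t_entry *)(loc_cpu_entry + off);
 if (copy_to_user(userptr + off
@@ -1142,7 +1142,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
 "ip6table_%s", name);
 if (t && !IS_ERR(t)) {
 struct ip6t_getinfo info;
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
 
 #ifdef CONFIG_COMPAT
 if (compat) {
@@ -1225,7 +1225,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
 struct xt_table *t;
 struct xt_table_info *oldinfo;
 struct xt_counters *counters;
-void *loc_cpu_old_entry;
+const void *loc_cpu_old_entry;
 
 ret = 0;
 counters = vmalloc_node(num_counters * sizeof(struct xt_counters),
@@ -1369,9 +1369,9 @@ do_add_counters(struct net *net, void __user *user, unsigned int len,
 int size;
 void *ptmp;
 struct xt_table *t;
-struct xt_table_info *private;
+const struct xt_table_info *private;
 int ret = 0;
-void *loc_cpu_entry;
+const void *loc_cpu_entry;
 #ifdef CONFIG_COMPAT
 struct compat_xt_counters_info compat_tmp;
 
@@ -1905,11 +1905,11 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
 void __user *userptr)
 {
 struct xt_counters *counters;
-struct xt_table_info *private = table->private;
+const struct xt_table_info *private = table->private;
 void __user *pos;
 unsigned int size;
 int ret = 0;
-void *loc_cpu_entry;
+const void *loc_cpu_entry;
 unsigned int i = 0;
 
 counters = alloc_counters(table);
@@ -1956,7 +1956,7 @@ compat_get_entries(struct net *net, struct compat_ip6t_get_entries __user *uptr,
 xt_compat_lock(AF_INET6);
 t = xt_find_table_lock(net, AF_INET6, get.name);
 if (t && !IS_ERR(t)) {
-struct xt_table_info *private = t->private;
+const struct xt_table_info *private = t->private;
 struct xt_table_info info;
 duprintf("t->private->number = %u\n", private->number);
 ret = compat_table_info(private, &info);
@@ -2155,7 +2155,8 @@ icmp6_match(const struct sk_buff *skb,
 unsigned int protoff,
 bool *hotdrop)
 {
-struct icmp6hdr _icmph, *ic;
+const struct icmp6hdr *ic;
+struct icmp6hdr _icmph;
 const struct ip6t_icmp *icmpinfo = matchinfo;
 
 /* Must not be a fragment. */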
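Review bot: do_add_counters now declares `const void *loc_cpu_entry;` at new line 1374, whereas the IPv4 counterpart in net/ipv4/netfilter/ip_tables.c leaves the same variable as `void *loc_cpu_entry;`. Going by its name, this function presumably updates per-entry counters reached through that pointer; if it does, the qualifier can only hold because a cast further down, outside the hunk, removes it, which makes the declaration misleading. Either keep it `void *loc_cpu_entry;` to match ip_tables.c or confirm that the body never writes through it. The same question applies to `const void *loc_cpu_old_entry;` in __do_replace at new line 1228.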
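--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -58,7 +58,7 @@ static struct xt_af *xt;
 #define duprintf(format, args...)
 #endif
 
-static const char *xt_prefix[NPROTO] = {
+static const char *const xt_prefix[NPROTO] = {
 [AF_INET] = "ip",
 [AF_INET6] = "ip6",
 [NF_ARP] = "arp",
@@ -248,7 +248,7 @@ EXPORT_SYMBOL_GPL(xt_request_find_target);
 
 static int match_revfn(int af, const char *name, u8 revision, int *bestp)
 {
-struct xt_match *m;
+const struct xt_match *m;
 int have_rev = 0;
 
 list_for_each_entry(m, &xt[af].match, list) {
@@ -264,7 +264,7 @@ static int match_revfn(int af, const char *name, u8 revision, int *bestp)
 
 static int target_revfn(int af, const char *name, u8 revision, int *bestp)
 {
-struct xt_target *t;
+const struct xt_target *t;
 int have_rev = 0;
 
 list_for_each_entry(t, &xt[af].target, list) {
@@ -385,7 +385,7 @@ short xt_compat_calc_jump(int af, unsigned int offset)
 }
 EXPORT_SYMBOL_GPL(xt_compat_calc_jump);
 
-int xt_compat_match_offset(struct xt_match *match)
+int xt_compat_match_offset(const struct xt_match *match)
 {
 u_int16_t csize = match->compatsize ? : match->matchsize;
 return XT_ALIGN(match->matchsize) - COMPAT_XT_ALIGN(csize);
@@ -395,7 +395,7 @@ EXPORT_SYMBOL_GPL(xt_compat_match_offset);
 int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
 unsigned int *size)
 {
-struct xt_match *match = m->u.kernel.match;
+const struct xt_match *match = m->u.kernel.match;
 struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m;
 int pad, off = xt_compat_match_offset(match);
 u_int16_t msize = cm->u.user.match_size;
@@ -422,7 +422,7 @@ EXPORT_SYMBOL_GPL(xt_compat_match_from_user);
 int xt_compat_match_to_user(struct xt_entry_match *m, void __user **dstptr,
 unsigned int *size)
 {
-struct xt_match *match = m->u.kernel.match;
+const struct xt_match *match = m->u.kernel.match;
 struct compat_xt_entry_match __user *cm = *dstptr;
 int off = xt_compat_match_offset(match);
 u_int16_t msize = m->u.user.match_size - off;
@@ -479,7 +479,7 @@ int xt_check_target(const struct xt_target *target, unsigned short family,
 EXPORT_SYMBOL_GPL(xt_check_target);
 
 #ifdef CONFIG_COMPAT
-int xt_compat_target_offset(struct xt_target *target)
+int xt_compat_target_offset(const struct xt_target *target)
 {
 u_int16_t csize = target->compatsize ? : target->targetsize;
 return XT_ALIGN(target->targetsize) - COMPAT_XT_ALIGN(csize);
@@ -489,7 +489,7 @@ EXPORT_SYMBOL_GPL(xt_compat_target_offset);
 void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr,
 unsigned int *size)
 {
-struct xt_target *target = t->u.kernel.target;
+const struct xt_target *target = t->u.kernel.target;
 struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t;
 int pad, off = xt_compat_target_offset(target);
 u_int16_t tsize = ct->u.user.target_size;
@@ -515,7 +515,7 @@ EXPORT_SYMBOL_GPL(xt_compat_target_from_user);
 int xt_compat_target_to_user(struct xt_entry_target *t, void __user **dstptr,
 unsigned int *size)
 {
-struct xt_target *target = t->u.kernel.target;
+const struct xt_target *target = t->u.kernel.target;
 struct compat_xt_entry_target __user *ct = *dstptr;
 int off = xt_compat_target_offset(target);
 u_int16_t tsize = t->u.user.target_size - off;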
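Review bot: `u_int16_t tsize = t->u.user.target_size - off;` at new line 521, and likewise `msize` at new line 428, narrows an int difference into 16 bits, and nothing in the visible lines shows that `off` is bounded by the size field. These helpers appear to convert rule entries between the compat userspace layout and the kernel layout, so a wrapped size would presumably feed the copy lengths used further down, outside the hunk. If an earlier validation pass guarantees the bound, state it beside the subtraction, for example `/* off <= target_size, checked by <validating function> */`; otherwise add an explicit check before subtracting.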