aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/net/netfilter/nf_conntrack_core.h4
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c14
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c8
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c7
-rw-r--r--net/netfilter/nf_conntrack_standalone.c10
5 files changed, 23 insertions, 20 deletions
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 2b9e5713585a..9ee26469c759 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -68,8 +68,8 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
68 68
69int 69int
70print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, 70print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
71 struct nf_conntrack_l3proto *l3proto, 71 const struct nf_conntrack_l3proto *l3proto,
72 struct nf_conntrack_l4proto *proto); 72 const struct nf_conntrack_l4proto *proto);
73 73
74extern struct hlist_head *nf_conntrack_hash; 74extern struct hlist_head *nf_conntrack_hash;
75extern spinlock_t nf_conntrack_lock ; 75extern spinlock_t nf_conntrack_lock ;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index ac3d61d8026e..a65b845c5f15 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -27,7 +27,8 @@
27static int ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, 27static int ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
28 struct nf_conntrack_tuple *tuple) 28 struct nf_conntrack_tuple *tuple)
29{ 29{
30 __be32 _addrs[2], *ap; 30 const __be32 *ap;
31 __be32 _addrs[2];
31 ap = skb_header_pointer(skb, nhoff + offsetof(struct iphdr, saddr), 32 ap = skb_header_pointer(skb, nhoff + offsetof(struct iphdr, saddr),
32 sizeof(u_int32_t) * 2, _addrs); 33 sizeof(u_int32_t) * 2, _addrs);
33 if (ap == NULL) 34 if (ap == NULL)
@@ -76,7 +77,8 @@ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
76static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, 77static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
77 unsigned int *dataoff, u_int8_t *protonum) 78 unsigned int *dataoff, u_int8_t *protonum)
78{ 79{
79 struct iphdr _iph, *iph; 80 const struct iphdr *iph;
81 struct iphdr _iph;
80 82
81 iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph); 83 iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
82 if (iph == NULL) 84 if (iph == NULL)
@@ -111,8 +113,8 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
111{ 113{
112 struct nf_conn *ct; 114 struct nf_conn *ct;
113 enum ip_conntrack_info ctinfo; 115 enum ip_conntrack_info ctinfo;
114 struct nf_conn_help *help; 116 const struct nf_conn_help *help;
115 struct nf_conntrack_helper *helper; 117 const struct nf_conntrack_helper *helper;
116 118
117 /* This is where we call the helper: as the packet goes out. */ 119 /* This is where we call the helper: as the packet goes out. */
118 ct = nf_ct_get(skb, &ctinfo); 120 ct = nf_ct_get(skb, &ctinfo);
@@ -299,8 +301,8 @@ static ctl_table ip_ct_sysctl_table[] = {
299static int 301static int
300getorigdst(struct sock *sk, int optval, void __user *user, int *len) 302getorigdst(struct sock *sk, int optval, void __user *user, int *len)
301{ 303{
302 struct inet_sock *inet = inet_sk(sk); 304 const struct inet_sock *inet = inet_sk(sk);
303 struct nf_conntrack_tuple_hash *h; 305 const struct nf_conntrack_tuple_hash *h;
304 struct nf_conntrack_tuple tuple; 306 struct nf_conntrack_tuple tuple;
305 307
306 NF_CT_TUPLE_U_BLANK(&tuple); 308 NF_CT_TUPLE_U_BLANK(&tuple);
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 0ee87edbd286..089252e82c01 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -98,8 +98,8 @@ static int ct_seq_show(struct seq_file *s, void *v)
98{ 98{
99 const struct nf_conntrack_tuple_hash *hash = v; 99 const struct nf_conntrack_tuple_hash *hash = v;
100 const struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(hash); 100 const struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(hash);
101 struct nf_conntrack_l3proto *l3proto; 101 const struct nf_conntrack_l3proto *l3proto;
102 struct nf_conntrack_l4proto *l4proto; 102 const struct nf_conntrack_l4proto *l4proto;
103 103
104 NF_CT_ASSERT(ct); 104 NF_CT_ASSERT(ct);
105 105
@@ -251,7 +251,7 @@ static void exp_seq_stop(struct seq_file *seq, void *v)
251static int exp_seq_show(struct seq_file *s, void *v) 251static int exp_seq_show(struct seq_file *s, void *v)
252{ 252{
253 struct nf_conntrack_expect *exp; 253 struct nf_conntrack_expect *exp;
254 struct hlist_node *n = v; 254 const struct hlist_node *n = v;
255 255
256 exp = hlist_entry(n, struct nf_conntrack_expect, hnode); 256 exp = hlist_entry(n, struct nf_conntrack_expect, hnode);
257 257
@@ -332,7 +332,7 @@ static void ct_cpu_seq_stop(struct seq_file *seq, void *v)
332static int ct_cpu_seq_show(struct seq_file *seq, void *v) 332static int ct_cpu_seq_show(struct seq_file *seq, void *v)
333{ 333{
334 unsigned int nr_conntracks = atomic_read(&nf_conntrack_count); 334 unsigned int nr_conntracks = atomic_read(&nf_conntrack_count);
335 struct ip_conntrack_stat *st = v; 335 const struct ip_conntrack_stat *st = v;
336 336
337 if (v == SEQ_START_TOKEN) { 337 if (v == SEQ_START_TOKEN) {
338 seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete\n"); 338 seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete\n");
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 2d7b0246475d..3717bdf34f6e 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -30,7 +30,8 @@
30static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, 30static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
31 struct nf_conntrack_tuple *tuple) 31 struct nf_conntrack_tuple *tuple)
32{ 32{
33 u_int32_t _addrs[8], *ap; 33 const u_int32_t *ap;
34 u_int32_t _addrs[8];
34 35
35 ap = skb_header_pointer(skb, nhoff + offsetof(struct ipv6hdr, saddr), 36 ap = skb_header_pointer(skb, nhoff + offsetof(struct ipv6hdr, saddr),
36 sizeof(_addrs), _addrs); 37 sizeof(_addrs), _addrs);
@@ -146,8 +147,8 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
146 int (*okfn)(struct sk_buff *)) 147 int (*okfn)(struct sk_buff *))
147{ 148{
148 struct nf_conn *ct; 149 struct nf_conn *ct;
149 struct nf_conn_help *help; 150 const struct nf_conn_help *help;
150 struct nf_conntrack_helper *helper; 151 const struct nf_conntrack_helper *helper;
151 enum ip_conntrack_info ctinfo; 152 enum ip_conntrack_info ctinfo;
152 unsigned int ret, protoff; 153 unsigned int ret, protoff;
153 unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 154 unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 278b35e64d74..ea34090f10cb 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -31,8 +31,8 @@ MODULE_LICENSE("GPL");
31#ifdef CONFIG_PROC_FS 31#ifdef CONFIG_PROC_FS
32int 32int
33print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, 33print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
34 struct nf_conntrack_l3proto *l3proto, 34 const struct nf_conntrack_l3proto *l3proto,
35 struct nf_conntrack_l4proto *l4proto) 35 const struct nf_conntrack_l4proto *l4proto)
36{ 36{
37 return l3proto->print_tuple(s, tuple) || l4proto->print_tuple(s, tuple); 37 return l3proto->print_tuple(s, tuple) || l4proto->print_tuple(s, tuple);
38} 38}
@@ -118,8 +118,8 @@ static int ct_seq_show(struct seq_file *s, void *v)
118{ 118{
119 const struct nf_conntrack_tuple_hash *hash = v; 119 const struct nf_conntrack_tuple_hash *hash = v;
120 const struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(hash); 120 const struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(hash);
121 struct nf_conntrack_l3proto *l3proto; 121 const struct nf_conntrack_l3proto *l3proto;
122 struct nf_conntrack_l4proto *l4proto; 122 const struct nf_conntrack_l4proto *l4proto;
123 123
124 NF_CT_ASSERT(ct); 124 NF_CT_ASSERT(ct);
125 125
@@ -246,7 +246,7 @@ static void ct_cpu_seq_stop(struct seq_file *seq, void *v)
246static int ct_cpu_seq_show(struct seq_file *seq, void *v) 246static int ct_cpu_seq_show(struct seq_file *seq, void *v)
247{ 247{
248 unsigned int nr_conntracks = atomic_read(&nf_conntrack_count); 248 unsigned int nr_conntracks = atomic_read(&nf_conntrack_count);
249 struct ip_conntrack_stat *st = v; 249 const struct ip_conntrack_stat *st = v;
250 250
251 if (v == SEQ_START_TOKEN) { 251 if (v == SEQ_START_TOKEN) {
252 seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete\n"); 252 seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete\n");
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-30 06:36:02 -0500