diff options
-rw-r--r-- | include/linux/netfilter/xt_connlimit.h | 4 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_tuple.h | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 3 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 8 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_helper.c | 2 | ||||
-rw-r--r-- | net/netfilter/xt_connlimit.c | 6 | ||||
-rw-r--r-- | net/netfilter/xt_u32.c | 11 |
9 files changed, 23 insertions, 20 deletions
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h index 90ae8b474cb8..37e933c9987d 100644 --- a/include/linux/netfilter/xt_connlimit.h +++ b/include/linux/netfilter/xt_connlimit.h | |||
@@ -5,8 +5,8 @@ struct xt_connlimit_data; | |||
5 | 5 | ||
6 | struct xt_connlimit_info { | 6 | struct xt_connlimit_info { |
7 | union { | 7 | union { |
8 | u_int32_t v4_mask; | 8 | __be32 v4_mask; |
9 | u_int32_t v6_mask[4]; | 9 | __be32 v6_mask[4]; |
10 | }; | 10 | }; |
11 | unsigned int limit, inverse; | 11 | unsigned int limit, inverse; |
12 | 12 | ||
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index 040dae5f0c9e..c48e390f4b0f 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h | |||
@@ -35,7 +35,7 @@ union nf_conntrack_address { | |||
35 | union nf_conntrack_man_proto | 35 | union nf_conntrack_man_proto |
36 | { | 36 | { |
37 | /* Add other protocols here. */ | 37 | /* Add other protocols here. */ |
38 | u_int16_t all; | 38 | __be16 all; |
39 | 39 | ||
40 | struct { | 40 | struct { |
41 | __be16 port; | 41 | __be16 port; |
@@ -73,7 +73,7 @@ struct nf_conntrack_tuple | |||
73 | union nf_conntrack_address u3; | 73 | union nf_conntrack_address u3; |
74 | union { | 74 | union { |
75 | /* Add other protocols here. */ | 75 | /* Add other protocols here. */ |
76 | u_int16_t all; | 76 | __be16 all; |
77 | 77 | ||
78 | struct { | 78 | struct { |
79 | __be16 port; | 79 | __be16 port; |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index e848d8d6292f..deab27facbad 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -77,7 +77,8 @@ static inline unsigned int | |||
77 | hash_by_src(const struct nf_conntrack_tuple *tuple) | 77 | hash_by_src(const struct nf_conntrack_tuple *tuple) |
78 | { | 78 | { |
79 | /* Original src, to ensure we map it consistently if poss. */ | 79 | /* Original src, to ensure we map it consistently if poss. */ |
80 | return jhash_3words((__force u32)tuple->src.u3.ip, tuple->src.u.all, | 80 | return jhash_3words((__force u32)tuple->src.u3.ip, |
81 | (__force u32)tuple->src.u.all, | ||
81 | tuple->dst.protonum, 0) % nf_nat_htable_size; | 82 | tuple->dst.protonum, 0) % nf_nat_htable_size; |
82 | } | 83 | } |
83 | 84 | ||
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 0f45427e5fdc..76ec59ae524d 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -192,7 +192,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum) | |||
192 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC | 192 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC |
193 | ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip | 193 | ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip |
194 | : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip); | 194 | : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip); |
195 | u_int16_t all | 195 | __be16 all |
196 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC | 196 | = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC |
197 | ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.all | 197 | ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.all |
198 | : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.all); | 198 | : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.all); |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index aa086c83af80..0fe11889ce14 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -79,7 +79,8 @@ static u_int32_t __hash_conntrack(const struct nf_conntrack_tuple *tuple, | |||
79 | a = jhash2(tuple->src.u3.all, ARRAY_SIZE(tuple->src.u3.all), | 79 | a = jhash2(tuple->src.u3.all, ARRAY_SIZE(tuple->src.u3.all), |
80 | (tuple->src.l3num << 16) | tuple->dst.protonum); | 80 | (tuple->src.l3num << 16) | tuple->dst.protonum); |
81 | b = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all), | 81 | b = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all), |
82 | (tuple->src.u.all << 16) | tuple->dst.u.all); | 82 | ((__force __u16)tuple->src.u.all << 16) | |
83 | (__force __u16)tuple->dst.u.all); | ||
83 | 84 | ||
84 | return jhash_2words(a, b, rnd) % size; | 85 | return jhash_2words(a, b, rnd) % size; |
85 | } | 86 | } |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 1aa6229ca99f..eb6695dcd73b 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
@@ -80,7 +80,7 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple | |||
80 | 80 | ||
81 | return jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all), | 81 | return jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all), |
82 | (((tuple->dst.protonum ^ tuple->src.l3num) << 16) | | 82 | (((tuple->dst.protonum ^ tuple->src.l3num) << 16) | |
83 | tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) % | 83 | (__force __u16)tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) % |
84 | nf_ct_expect_hsize; | 84 | nf_ct_expect_hsize; |
85 | } | 85 | } |
86 | 86 | ||
@@ -259,8 +259,8 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family, | |||
259 | } | 259 | } |
260 | 260 | ||
261 | if (src) { | 261 | if (src) { |
262 | exp->tuple.src.u.all = (__force u16)*src; | 262 | exp->tuple.src.u.all = *src; |
263 | exp->mask.src.u.all = 0xFFFF; | 263 | exp->mask.src.u.all = htons(0xFFFF); |
264 | } else { | 264 | } else { |
265 | exp->tuple.src.u.all = 0; | 265 | exp->tuple.src.u.all = 0; |
266 | exp->mask.src.u.all = 0; | 266 | exp->mask.src.u.all = 0; |
@@ -272,7 +272,7 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family, | |||
272 | memset((void *)&exp->tuple.dst.u3 + len, 0x00, | 272 | memset((void *)&exp->tuple.dst.u3 + len, 0x00, |
273 | sizeof(exp->tuple.dst.u3) - len); | 273 | sizeof(exp->tuple.dst.u3) - len); |
274 | 274 | ||
275 | exp->tuple.dst.u.all = (__force u16)*dst; | 275 | exp->tuple.dst.u.all = *dst; |
276 | } | 276 | } |
277 | EXPORT_SYMBOL_GPL(nf_ct_expect_init); | 277 | EXPORT_SYMBOL_GPL(nf_ct_expect_init); |
278 | 278 | ||
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index ca10df40784f..96aa637c0932 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c | |||
@@ -39,7 +39,7 @@ static int nf_ct_helper_vmalloc; | |||
39 | static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple) | 39 | static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple) |
40 | { | 40 | { |
41 | return (((tuple->src.l3num << 8) | tuple->dst.protonum) ^ | 41 | return (((tuple->src.l3num << 8) | tuple->dst.protonum) ^ |
42 | tuple->src.u.all) % nf_ct_helper_hsize; | 42 | (__force __u16)tuple->src.u.all) % nf_ct_helper_hsize; |
43 | } | 43 | } |
44 | 44 | ||
45 | struct nf_conntrack_helper * | 45 | struct nf_conntrack_helper * |
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index 3335dd5be962..06cff1d13690 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c | |||
@@ -42,13 +42,13 @@ struct xt_connlimit_data { | |||
42 | static u_int32_t connlimit_rnd; | 42 | static u_int32_t connlimit_rnd; |
43 | static bool connlimit_rnd_inited; | 43 | static bool connlimit_rnd_inited; |
44 | 44 | ||
45 | static inline unsigned int connlimit_iphash(u_int32_t addr) | 45 | static inline unsigned int connlimit_iphash(__be32 addr) |
46 | { | 46 | { |
47 | if (unlikely(!connlimit_rnd_inited)) { | 47 | if (unlikely(!connlimit_rnd_inited)) { |
48 | get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd)); | 48 | get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd)); |
49 | connlimit_rnd_inited = true; | 49 | connlimit_rnd_inited = true; |
50 | } | 50 | } |
51 | return jhash_1word(addr, connlimit_rnd) & 0xFF; | 51 | return jhash_1word((__force __u32)addr, connlimit_rnd) & 0xFF; |
52 | } | 52 | } |
53 | 53 | ||
54 | static inline unsigned int | 54 | static inline unsigned int |
@@ -66,7 +66,7 @@ connlimit_iphash6(const union nf_conntrack_address *addr, | |||
66 | for (i = 0; i < ARRAY_SIZE(addr->ip6); ++i) | 66 | for (i = 0; i < ARRAY_SIZE(addr->ip6); ++i) |
67 | res.ip6[i] = addr->ip6[i] & mask->ip6[i]; | 67 | res.ip6[i] = addr->ip6[i] & mask->ip6[i]; |
68 | 68 | ||
69 | return jhash2(res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF; | 69 | return jhash2((u32 *)res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF; |
70 | } | 70 | } |
71 | 71 | ||
72 | static inline bool already_closed(const struct nf_conn *conn) | 72 | static inline bool already_closed(const struct nf_conn *conn) |
diff --git a/net/netfilter/xt_u32.c b/net/netfilter/xt_u32.c index 04b677ae8dae..74f9b14c012f 100644 --- a/net/netfilter/xt_u32.c +++ b/net/netfilter/xt_u32.c | |||
@@ -21,6 +21,7 @@ static bool u32_match_it(const struct xt_u32 *data, | |||
21 | unsigned int nnums; | 21 | unsigned int nnums; |
22 | unsigned int nvals; | 22 | unsigned int nvals; |
23 | unsigned int i; | 23 | unsigned int i; |
24 | __be32 n; | ||
24 | u_int32_t pos; | 25 | u_int32_t pos; |
25 | u_int32_t val; | 26 | u_int32_t val; |
26 | u_int32_t at; | 27 | u_int32_t at; |
@@ -38,9 +39,9 @@ static bool u32_match_it(const struct xt_u32 *data, | |||
38 | if (skb->len < 4 || pos > skb->len - 4); | 39 | if (skb->len < 4 || pos > skb->len - 4); |
39 | return false; | 40 | return false; |
40 | 41 | ||
41 | ret = skb_copy_bits(skb, pos, &val, sizeof(val)); | 42 | ret = skb_copy_bits(skb, pos, &n, sizeof(n)); |
42 | BUG_ON(ret < 0); | 43 | BUG_ON(ret < 0); |
43 | val = ntohl(val); | 44 | val = ntohl(n); |
44 | nnums = ct->nnums; | 45 | nnums = ct->nnums; |
45 | 46 | ||
46 | /* Inner loop runs over "&", "<<", ">>" and "@" operands */ | 47 | /* Inner loop runs over "&", "<<", ">>" and "@" operands */ |
@@ -65,10 +66,10 @@ static bool u32_match_it(const struct xt_u32 *data, | |||
65 | pos > skb->len - at - 4) | 66 | pos > skb->len - at - 4) |
66 | return false; | 67 | return false; |
67 | 68 | ||
68 | ret = skb_copy_bits(skb, at + pos, &val, | 69 | ret = skb_copy_bits(skb, at + pos, &n, |
69 | sizeof(val)); | 70 | sizeof(n)); |
70 | BUG_ON(ret < 0); | 71 | BUG_ON(ret < 0); |
71 | val = ntohl(val); | 72 | val = ntohl(n); |
72 | break; | 73 | break; |
73 | } | 74 | } |
74 | } | 75 | } |