aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter/xt_connlimit.h4
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h4
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c3
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c2
-rw-r--r--net/netfilter/nf_conntrack_core.c3
-rw-r--r--net/netfilter/nf_conntrack_expect.c8
-rw-r--r--net/netfilter/nf_conntrack_helper.c2
-rw-r--r--net/netfilter/xt_connlimit.c6
-rw-r--r--net/netfilter/xt_u32.c11
9 files changed, 23 insertions, 20 deletions
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 90ae8b474cb8..37e933c9987d 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -5,8 +5,8 @@ struct xt_connlimit_data;
5 5
6struct xt_connlimit_info { 6struct xt_connlimit_info {
7 union { 7 union {
8 u_int32_t v4_mask; 8 __be32 v4_mask;
9 u_int32_t v6_mask[4]; 9 __be32 v6_mask[4];
10 }; 10 };
11 unsigned int limit, inverse; 11 unsigned int limit, inverse;
12 12
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 040dae5f0c9e..c48e390f4b0f 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -35,7 +35,7 @@ union nf_conntrack_address {
35union nf_conntrack_man_proto 35union nf_conntrack_man_proto
36{ 36{
37 /* Add other protocols here. */ 37 /* Add other protocols here. */
38 u_int16_t all; 38 __be16 all;
39 39
40 struct { 40 struct {
41 __be16 port; 41 __be16 port;
@@ -73,7 +73,7 @@ struct nf_conntrack_tuple
73 union nf_conntrack_address u3; 73 union nf_conntrack_address u3;
74 union { 74 union {
75 /* Add other protocols here. */ 75 /* Add other protocols here. */
76 u_int16_t all; 76 __be16 all;
77 77
78 struct { 78 struct {
79 __be16 port; 79 __be16 port;
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index e848d8d6292f..deab27facbad 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -77,7 +77,8 @@ static inline unsigned int
77hash_by_src(const struct nf_conntrack_tuple *tuple) 77hash_by_src(const struct nf_conntrack_tuple *tuple)
78{ 78{
79 /* Original src, to ensure we map it consistently if poss. */ 79 /* Original src, to ensure we map it consistently if poss. */
80 return jhash_3words((__force u32)tuple->src.u3.ip, tuple->src.u.all, 80 return jhash_3words((__force u32)tuple->src.u3.ip,
81 (__force u32)tuple->src.u.all,
81 tuple->dst.protonum, 0) % nf_nat_htable_size; 82 tuple->dst.protonum, 0) % nf_nat_htable_size;
82} 83}
83 84
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 0f45427e5fdc..76ec59ae524d 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -192,7 +192,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum)
192 = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC 192 = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
193 ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip 193 ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip
194 : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip); 194 : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip);
195 u_int16_t all 195 __be16 all
196 = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC 196 = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
197 ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.all 197 ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.all
198 : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.all); 198 : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.all);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index aa086c83af80..0fe11889ce14 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -79,7 +79,8 @@ static u_int32_t __hash_conntrack(const struct nf_conntrack_tuple *tuple,
79 a = jhash2(tuple->src.u3.all, ARRAY_SIZE(tuple->src.u3.all), 79 a = jhash2(tuple->src.u3.all, ARRAY_SIZE(tuple->src.u3.all),
80 (tuple->src.l3num << 16) | tuple->dst.protonum); 80 (tuple->src.l3num << 16) | tuple->dst.protonum);
81 b = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all), 81 b = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
82 (tuple->src.u.all << 16) | tuple->dst.u.all); 82 ((__force __u16)tuple->src.u.all << 16) |
83 (__force __u16)tuple->dst.u.all);
83 84
84 return jhash_2words(a, b, rnd) % size; 85 return jhash_2words(a, b, rnd) % size;
85} 86}
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 1aa6229ca99f..eb6695dcd73b 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -80,7 +80,7 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple
80 80
81 return jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all), 81 return jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
82 (((tuple->dst.protonum ^ tuple->src.l3num) << 16) | 82 (((tuple->dst.protonum ^ tuple->src.l3num) << 16) |
83 tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) % 83 (__force __u16)tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) %
84 nf_ct_expect_hsize; 84 nf_ct_expect_hsize;
85} 85}
86 86
@@ -259,8 +259,8 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
259 } 259 }
260 260
261 if (src) { 261 if (src) {
262 exp->tuple.src.u.all = (__force u16)*src; 262 exp->tuple.src.u.all = *src;
263 exp->mask.src.u.all = 0xFFFF; 263 exp->mask.src.u.all = htons(0xFFFF);
264 } else { 264 } else {
265 exp->tuple.src.u.all = 0; 265 exp->tuple.src.u.all = 0;
266 exp->mask.src.u.all = 0; 266 exp->mask.src.u.all = 0;
@@ -272,7 +272,7 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
272 memset((void *)&exp->tuple.dst.u3 + len, 0x00, 272 memset((void *)&exp->tuple.dst.u3 + len, 0x00,
273 sizeof(exp->tuple.dst.u3) - len); 273 sizeof(exp->tuple.dst.u3) - len);
274 274
275 exp->tuple.dst.u.all = (__force u16)*dst; 275 exp->tuple.dst.u.all = *dst;
276} 276}
277EXPORT_SYMBOL_GPL(nf_ct_expect_init); 277EXPORT_SYMBOL_GPL(nf_ct_expect_init);
278 278
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index ca10df40784f..96aa637c0932 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -39,7 +39,7 @@ static int nf_ct_helper_vmalloc;
39static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple) 39static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple)
40{ 40{
41 return (((tuple->src.l3num << 8) | tuple->dst.protonum) ^ 41 return (((tuple->src.l3num << 8) | tuple->dst.protonum) ^
42 tuple->src.u.all) % nf_ct_helper_hsize; 42 (__force __u16)tuple->src.u.all) % nf_ct_helper_hsize;
43} 43}
44 44
45struct nf_conntrack_helper * 45struct nf_conntrack_helper *
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 3335dd5be962..06cff1d13690 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -42,13 +42,13 @@ struct xt_connlimit_data {
42static u_int32_t connlimit_rnd; 42static u_int32_t connlimit_rnd;
43static bool connlimit_rnd_inited; 43static bool connlimit_rnd_inited;
44 44
45static inline unsigned int connlimit_iphash(u_int32_t addr) 45static inline unsigned int connlimit_iphash(__be32 addr)
46{ 46{
47 if (unlikely(!connlimit_rnd_inited)) { 47 if (unlikely(!connlimit_rnd_inited)) {
48 get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd)); 48 get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd));
49 connlimit_rnd_inited = true; 49 connlimit_rnd_inited = true;
50 } 50 }
51 return jhash_1word(addr, connlimit_rnd) & 0xFF; 51 return jhash_1word((__force __u32)addr, connlimit_rnd) & 0xFF;
52} 52}
53 53
54static inline unsigned int 54static inline unsigned int
@@ -66,7 +66,7 @@ connlimit_iphash6(const union nf_conntrack_address *addr,
66 for (i = 0; i < ARRAY_SIZE(addr->ip6); ++i) 66 for (i = 0; i < ARRAY_SIZE(addr->ip6); ++i)
67 res.ip6[i] = addr->ip6[i] & mask->ip6[i]; 67 res.ip6[i] = addr->ip6[i] & mask->ip6[i];
68 68
69 return jhash2(res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF; 69 return jhash2((u32 *)res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF;
70} 70}
71 71
72static inline bool already_closed(const struct nf_conn *conn) 72static inline bool already_closed(const struct nf_conn *conn)
diff --git a/net/netfilter/xt_u32.c b/net/netfilter/xt_u32.c
index 04b677ae8dae..74f9b14c012f 100644
--- a/net/netfilter/xt_u32.c
+++ b/net/netfilter/xt_u32.c
@@ -21,6 +21,7 @@ static bool u32_match_it(const struct xt_u32 *data,
21 unsigned int nnums; 21 unsigned int nnums;
22 unsigned int nvals; 22 unsigned int nvals;
23 unsigned int i; 23 unsigned int i;
24 __be32 n;
24 u_int32_t pos; 25 u_int32_t pos;
25 u_int32_t val; 26 u_int32_t val;
26 u_int32_t at; 27 u_int32_t at;
@@ -38,9 +39,9 @@ static bool u32_match_it(const struct xt_u32 *data,
38 if (skb->len < 4 || pos > skb->len - 4); 39 if (skb->len < 4 || pos > skb->len - 4);
39 return false; 40 return false;
40 41
41 ret = skb_copy_bits(skb, pos, &val, sizeof(val)); 42 ret = skb_copy_bits(skb, pos, &n, sizeof(n));
42 BUG_ON(ret < 0); 43 BUG_ON(ret < 0);
43 val = ntohl(val); 44 val = ntohl(n);
44 nnums = ct->nnums; 45 nnums = ct->nnums;
45 46
46 /* Inner loop runs over "&", "<<", ">>" and "@" operands */ 47 /* Inner loop runs over "&", "<<", ">>" and "@" operands */
@@ -65,10 +66,10 @@ static bool u32_match_it(const struct xt_u32 *data,
65 pos > skb->len - at - 4) 66 pos > skb->len - at - 4)
66 return false; 67 return false;
67 68
68 ret = skb_copy_bits(skb, at + pos, &val, 69 ret = skb_copy_bits(skb, at + pos, &n,
69 sizeof(val)); 70 sizeof(n));
70 BUG_ON(ret < 0); 71 BUG_ON(ret < 0);
71 val = ntohl(val); 72 val = ntohl(n);
72 break; 73 break;
73 } 74 }
74 } 75 }