diff options
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/netfilter/ebt_802_3.c | 6 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_among.c | 24 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arp.c | 13 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 13 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ip.c | 10 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_limit.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_log.c | 18 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_mark_m.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_pkttype.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 7 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_stp.c | 24 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_ulog.c | 4 | ||||
-rw-r--r-- | net/bridge/netfilter/ebt_vlan.c | 7 |
16 files changed, 85 insertions, 63 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index 41a78072cd0e..ac1730b32aa2 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -15,8 +15,8 @@ | |||
15 | static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in, | 15 | static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in, |
16 | const struct net_device *out, const void *data, unsigned int datalen) | 16 | const struct net_device *out, const void *data, unsigned int datalen) |
17 | { | 17 | { |
18 | struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; | 18 | const struct ebt_802_3_info *info = data; |
19 | struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); | 19 | const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); |
20 | __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; | 20 | __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; |
21 | 21 | ||
22 | if (info->bitmask & EBT_802_3_SAP) { | 22 | if (info->bitmask & EBT_802_3_SAP) { |
@@ -40,7 +40,7 @@ static struct ebt_match filter_802_3; | |||
40 | static int ebt_802_3_check(const char *tablename, unsigned int hookmask, | 40 | static int ebt_802_3_check(const char *tablename, unsigned int hookmask, |
41 | const struct ebt_entry *e, void *data, unsigned int datalen) | 41 | const struct ebt_entry *e, void *data, unsigned int datalen) |
42 | { | 42 | { |
43 | struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; | 43 | const struct ebt_802_3_info *info = data; |
44 | 44 | ||
45 | if (datalen < sizeof(struct ebt_802_3_info)) | 45 | if (datalen < sizeof(struct ebt_802_3_info)) |
46 | return -EINVAL; | 46 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index 6436d30a550e..318157e1565d 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -25,7 +25,7 @@ static int ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh, | |||
25 | const struct ebt_mac_wormhash_tuple *p; | 25 | const struct ebt_mac_wormhash_tuple *p; |
26 | int start, limit, i; | 26 | int start, limit, i; |
27 | uint32_t cmp[2] = { 0, 0 }; | 27 | uint32_t cmp[2] = { 0, 0 }; |
28 | int key = (const unsigned char) mac[5]; | 28 | int key = ((const unsigned char *)mac)[5]; |
29 | 29 | ||
30 | memcpy(((char *) cmp) + 2, mac, 6); | 30 | memcpy(((char *) cmp) + 2, mac, 6); |
31 | start = wh->table[key]; | 31 | start = wh->table[key]; |
@@ -73,15 +73,18 @@ static int ebt_mac_wormhash_check_integrity(const struct ebt_mac_wormhash | |||
73 | static int get_ip_dst(const struct sk_buff *skb, __be32 *addr) | 73 | static int get_ip_dst(const struct sk_buff *skb, __be32 *addr) |
74 | { | 74 | { |
75 | if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) { | 75 | if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) { |
76 | struct iphdr _iph, *ih; | 76 | const struct iphdr *ih; |
77 | struct iphdr _iph; | ||
77 | 78 | ||
78 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); | 79 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); |
79 | if (ih == NULL) | 80 | if (ih == NULL) |
80 | return -1; | 81 | return -1; |
81 | *addr = ih->daddr; | 82 | *addr = ih->daddr; |
82 | } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { | 83 | } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { |
83 | struct arphdr _arph, *ah; | 84 | const struct arphdr *ah; |
84 | __be32 buf, *bp; | 85 | struct arphdr _arph; |
86 | const __be32 *bp; | ||
87 | __be32 buf; | ||
85 | 88 | ||
86 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); | 89 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); |
87 | if (ah == NULL || | 90 | if (ah == NULL || |
@@ -101,15 +104,18 @@ static int get_ip_dst(const struct sk_buff *skb, __be32 *addr) | |||
101 | static int get_ip_src(const struct sk_buff *skb, __be32 *addr) | 104 | static int get_ip_src(const struct sk_buff *skb, __be32 *addr) |
102 | { | 105 | { |
103 | if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) { | 106 | if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) { |
104 | struct iphdr _iph, *ih; | 107 | const struct iphdr *ih; |
108 | struct iphdr _iph; | ||
105 | 109 | ||
106 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); | 110 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); |
107 | if (ih == NULL) | 111 | if (ih == NULL) |
108 | return -1; | 112 | return -1; |
109 | *addr = ih->saddr; | 113 | *addr = ih->saddr; |
110 | } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { | 114 | } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { |
111 | struct arphdr _arph, *ah; | 115 | const struct arphdr *ah; |
112 | __be32 buf, *bp; | 116 | struct arphdr _arph; |
117 | const __be32 *bp; | ||
118 | __be32 buf; | ||
113 | 119 | ||
114 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); | 120 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); |
115 | if (ah == NULL || | 121 | if (ah == NULL || |
@@ -130,7 +136,7 @@ static int ebt_filter_among(const struct sk_buff *skb, | |||
130 | const struct net_device *out, const void *data, | 136 | const struct net_device *out, const void *data, |
131 | unsigned int datalen) | 137 | unsigned int datalen) |
132 | { | 138 | { |
133 | struct ebt_among_info *info = (struct ebt_among_info *) data; | 139 | const struct ebt_among_info *info = data; |
134 | const char *dmac, *smac; | 140 | const char *dmac, *smac; |
135 | const struct ebt_mac_wormhash *wh_dst, *wh_src; | 141 | const struct ebt_mac_wormhash *wh_dst, *wh_src; |
136 | __be32 dip = 0, sip = 0; | 142 | __be32 dip = 0, sip = 0; |
@@ -175,7 +181,7 @@ static int ebt_among_check(const char *tablename, unsigned int hookmask, | |||
175 | const struct ebt_entry *e, void *data, | 181 | const struct ebt_entry *e, void *data, |
176 | unsigned int datalen) | 182 | unsigned int datalen) |
177 | { | 183 | { |
178 | struct ebt_among_info *info = (struct ebt_among_info *) data; | 184 | const struct ebt_among_info *info = data; |
179 | int expected_length = sizeof(struct ebt_among_info); | 185 | int expected_length = sizeof(struct ebt_among_info); |
180 | const struct ebt_mac_wormhash *wh_dst, *wh_src; | 186 | const struct ebt_mac_wormhash *wh_dst, *wh_src; |
181 | int err; | 187 | int err; |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index 18141392a9b4..933433ede38f 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -18,8 +18,9 @@ | |||
18 | static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in, | 18 | static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in, |
19 | const struct net_device *out, const void *data, unsigned int datalen) | 19 | const struct net_device *out, const void *data, unsigned int datalen) |
20 | { | 20 | { |
21 | struct ebt_arp_info *info = (struct ebt_arp_info *)data; | 21 | const struct ebt_arp_info *info = data; |
22 | struct arphdr _arph, *ah; | 22 | const struct arphdr *ah; |
23 | struct arphdr _arph; | ||
23 | 24 | ||
24 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); | 25 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); |
25 | if (ah == NULL) | 26 | if (ah == NULL) |
@@ -35,7 +36,8 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in | |||
35 | return EBT_NOMATCH; | 36 | return EBT_NOMATCH; |
36 | 37 | ||
37 | if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) { | 38 | if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) { |
38 | __be32 saddr, daddr, *sap, *dap; | 39 | const __be32 *sap, *dap; |
40 | __be32 saddr, daddr; | ||
39 | 41 | ||
40 | if (ah->ar_pln != sizeof(__be32) || ah->ar_pro != htons(ETH_P_IP)) | 42 | if (ah->ar_pln != sizeof(__be32) || ah->ar_pro != htons(ETH_P_IP)) |
41 | return EBT_NOMATCH; | 43 | return EBT_NOMATCH; |
@@ -61,7 +63,8 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in | |||
61 | } | 63 | } |
62 | 64 | ||
63 | if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) { | 65 | if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) { |
64 | unsigned char _mac[ETH_ALEN], *mp; | 66 | const unsigned char *mp; |
67 | unsigned char _mac[ETH_ALEN]; | ||
65 | uint8_t verdict, i; | 68 | uint8_t verdict, i; |
66 | 69 | ||
67 | if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER)) | 70 | if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER)) |
@@ -100,7 +103,7 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in | |||
100 | static int ebt_arp_check(const char *tablename, unsigned int hookmask, | 103 | static int ebt_arp_check(const char *tablename, unsigned int hookmask, |
101 | const struct ebt_entry *e, void *data, unsigned int datalen) | 104 | const struct ebt_entry *e, void *data, unsigned int datalen) |
102 | { | 105 | { |
103 | struct ebt_arp_info *info = (struct ebt_arp_info *)data; | 106 | const struct ebt_arp_info *info = data; |
104 | 107 | ||
105 | if (datalen != EBT_ALIGN(sizeof(struct ebt_arp_info))) | 108 | if (datalen != EBT_ALIGN(sizeof(struct ebt_arp_info))) |
106 | return -EINVAL; | 109 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index 48a80e423287..7b6a8c13ccd8 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -19,10 +19,13 @@ static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, | |||
19 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
20 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
21 | { | 21 | { |
22 | struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data; | 22 | struct ebt_arpreply_info *info = (void *)data; |
23 | __be32 _sip, *siptr, _dip, *diptr; | 23 | const __be32 *siptr, *diptr; |
24 | struct arphdr _ah, *ap; | 24 | __be32 _sip, _dip; |
25 | unsigned char _sha[ETH_ALEN], *shp; | 25 | const struct arphdr *ap; |
26 | struct arphdr _ah; | ||
27 | const unsigned char *shp; | ||
28 | unsigned char _sha[ETH_ALEN]; | ||
26 | 29 | ||
27 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); | 30 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
28 | if (ap == NULL) | 31 | if (ap == NULL) |
@@ -58,7 +61,7 @@ static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, | |||
58 | static int ebt_target_reply_check(const char *tablename, unsigned int hookmask, | 61 | static int ebt_target_reply_check(const char *tablename, unsigned int hookmask, |
59 | const struct ebt_entry *e, void *data, unsigned int datalen) | 62 | const struct ebt_entry *e, void *data, unsigned int datalen) |
60 | { | 63 | { |
61 | struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data; | 64 | const struct ebt_arpreply_info *info = data; |
62 | 65 | ||
63 | if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info))) | 66 | if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info))) |
64 | return -EINVAL; | 67 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index 74262e9a566a..6ad91609b6ad 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -18,7 +18,7 @@ static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, | |||
18 | const struct net_device *in, const struct net_device *out, | 18 | const struct net_device *in, const struct net_device *out, |
19 | const void *data, unsigned int datalen) | 19 | const void *data, unsigned int datalen) |
20 | { | 20 | { |
21 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; | 21 | const struct ebt_nat_info *info = data; |
22 | 22 | ||
23 | if (skb_make_writable(skb, 0)) | 23 | if (skb_make_writable(skb, 0)) |
24 | return NF_DROP; | 24 | return NF_DROP; |
@@ -30,7 +30,7 @@ static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, | |||
30 | static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask, | 30 | static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask, |
31 | const struct ebt_entry *e, void *data, unsigned int datalen) | 31 | const struct ebt_entry *e, void *data, unsigned int datalen) |
32 | { | 32 | { |
33 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; | 33 | const struct ebt_nat_info *info = data; |
34 | 34 | ||
35 | if (BASE_CHAIN && info->target == EBT_RETURN) | 35 | if (BASE_CHAIN && info->target == EBT_RETURN) |
36 | return -EINVAL; | 36 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index 69f7f0ab9c76..82934f9b1e02 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -28,9 +28,11 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, | |||
28 | const struct net_device *out, const void *data, | 28 | const struct net_device *out, const void *data, |
29 | unsigned int datalen) | 29 | unsigned int datalen) |
30 | { | 30 | { |
31 | struct ebt_ip_info *info = (struct ebt_ip_info *)data; | 31 | const struct ebt_ip_info *info = data; |
32 | struct iphdr _iph, *ih; | 32 | const struct iphdr *ih; |
33 | struct tcpudphdr _ports, *pptr; | 33 | struct iphdr _iph; |
34 | const struct tcpudphdr *pptr; | ||
35 | struct tcpudphdr _ports; | ||
34 | 36 | ||
35 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); | 37 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); |
36 | if (ih == NULL) | 38 | if (ih == NULL) |
@@ -79,7 +81,7 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, | |||
79 | static int ebt_ip_check(const char *tablename, unsigned int hookmask, | 81 | static int ebt_ip_check(const char *tablename, unsigned int hookmask, |
80 | const struct ebt_entry *e, void *data, unsigned int datalen) | 82 | const struct ebt_entry *e, void *data, unsigned int datalen) |
81 | { | 83 | { |
82 | struct ebt_ip_info *info = (struct ebt_ip_info *)data; | 84 | const struct ebt_ip_info *info = data; |
83 | 85 | ||
84 | if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info))) | 86 | if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info))) |
85 | return -EINVAL; | 87 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index d48fa5cb26cf..2eb5cb79662d 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -69,7 +69,7 @@ user2credits(u_int32_t user) | |||
69 | static int ebt_limit_check(const char *tablename, unsigned int hookmask, | 69 | static int ebt_limit_check(const char *tablename, unsigned int hookmask, |
70 | const struct ebt_entry *e, void *data, unsigned int datalen) | 70 | const struct ebt_entry *e, void *data, unsigned int datalen) |
71 | { | 71 | { |
72 | struct ebt_limit_info *info = (struct ebt_limit_info *)data; | 72 | struct ebt_limit_info *info = data; |
73 | 73 | ||
74 | if (datalen != EBT_ALIGN(sizeof(struct ebt_limit_info))) | 74 | if (datalen != EBT_ALIGN(sizeof(struct ebt_limit_info))) |
75 | return -EINVAL; | 75 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index 3be9e9898553..40560d64d8c0 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
@@ -24,7 +24,7 @@ static DEFINE_SPINLOCK(ebt_log_lock); | |||
24 | static int ebt_log_check(const char *tablename, unsigned int hookmask, | 24 | static int ebt_log_check(const char *tablename, unsigned int hookmask, |
25 | const struct ebt_entry *e, void *data, unsigned int datalen) | 25 | const struct ebt_entry *e, void *data, unsigned int datalen) |
26 | { | 26 | { |
27 | struct ebt_log_info *info = (struct ebt_log_info *)data; | 27 | struct ebt_log_info *info = data; |
28 | 28 | ||
29 | if (datalen != EBT_ALIGN(sizeof(struct ebt_log_info))) | 29 | if (datalen != EBT_ALIGN(sizeof(struct ebt_log_info))) |
30 | return -EINVAL; | 30 | return -EINVAL; |
@@ -50,7 +50,7 @@ struct arppayload | |||
50 | unsigned char ip_dst[4]; | 50 | unsigned char ip_dst[4]; |
51 | }; | 51 | }; |
52 | 52 | ||
53 | static void print_MAC(unsigned char *p) | 53 | static void print_MAC(const unsigned char *p) |
54 | { | 54 | { |
55 | int i; | 55 | int i; |
56 | 56 | ||
@@ -84,7 +84,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum, | |||
84 | 84 | ||
85 | if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto == | 85 | if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto == |
86 | htons(ETH_P_IP)){ | 86 | htons(ETH_P_IP)){ |
87 | struct iphdr _iph, *ih; | 87 | const struct iphdr *ih; |
88 | struct iphdr _iph; | ||
88 | 89 | ||
89 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); | 90 | ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); |
90 | if (ih == NULL) { | 91 | if (ih == NULL) { |
@@ -99,7 +100,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum, | |||
99 | ih->protocol == IPPROTO_UDPLITE || | 100 | ih->protocol == IPPROTO_UDPLITE || |
100 | ih->protocol == IPPROTO_SCTP || | 101 | ih->protocol == IPPROTO_SCTP || |
101 | ih->protocol == IPPROTO_DCCP) { | 102 | ih->protocol == IPPROTO_DCCP) { |
102 | struct tcpudphdr _ports, *pptr; | 103 | const struct tcpudphdr *pptr; |
104 | struct tcpudphdr _ports; | ||
103 | 105 | ||
104 | pptr = skb_header_pointer(skb, ih->ihl*4, | 106 | pptr = skb_header_pointer(skb, ih->ihl*4, |
105 | sizeof(_ports), &_ports); | 107 | sizeof(_ports), &_ports); |
@@ -116,7 +118,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum, | |||
116 | if ((bitmask & EBT_LOG_ARP) && | 118 | if ((bitmask & EBT_LOG_ARP) && |
117 | ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) || | 119 | ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) || |
118 | (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) { | 120 | (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) { |
119 | struct arphdr _arph, *ah; | 121 | const struct arphdr *ah; |
122 | struct arphdr _arph; | ||
120 | 123 | ||
121 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); | 124 | ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); |
122 | if (ah == NULL) { | 125 | if (ah == NULL) { |
@@ -132,7 +135,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum, | |||
132 | if (ah->ar_hrd == htons(1) && | 135 | if (ah->ar_hrd == htons(1) && |
133 | ah->ar_hln == ETH_ALEN && | 136 | ah->ar_hln == ETH_ALEN && |
134 | ah->ar_pln == sizeof(__be32)) { | 137 | ah->ar_pln == sizeof(__be32)) { |
135 | struct arppayload _arpp, *ap; | 138 | const struct arppayload *ap; |
139 | struct arppayload _arpp; | ||
136 | 140 | ||
137 | ap = skb_header_pointer(skb, sizeof(_arph), | 141 | ap = skb_header_pointer(skb, sizeof(_arph), |
138 | sizeof(_arpp), &_arpp); | 142 | sizeof(_arpp), &_arpp); |
@@ -160,7 +164,7 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr, | |||
160 | const struct net_device *in, const struct net_device *out, | 164 | const struct net_device *in, const struct net_device *out, |
161 | const void *data, unsigned int datalen) | 165 | const void *data, unsigned int datalen) |
162 | { | 166 | { |
163 | struct ebt_log_info *info = (struct ebt_log_info *)data; | 167 | const struct ebt_log_info *info = data; |
164 | struct nf_loginfo li; | 168 | struct nf_loginfo li; |
165 | 169 | ||
166 | li.type = NF_LOG_TYPE_LOG; | 170 | li.type = NF_LOG_TYPE_LOG; |
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 6cba54309c09..6fe93dfee9b0 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -21,7 +21,7 @@ static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, | |||
21 | const struct net_device *in, const struct net_device *out, | 21 | const struct net_device *in, const struct net_device *out, |
22 | const void *data, unsigned int datalen) | 22 | const void *data, unsigned int datalen) |
23 | { | 23 | { |
24 | struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; | 24 | const struct ebt_mark_t_info *info = data; |
25 | int action = info->target & -16; | 25 | int action = info->target & -16; |
26 | 26 | ||
27 | if (action == MARK_SET_VALUE) | 27 | if (action == MARK_SET_VALUE) |
@@ -39,7 +39,7 @@ static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, | |||
39 | static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, | 39 | static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, |
40 | const struct ebt_entry *e, void *data, unsigned int datalen) | 40 | const struct ebt_entry *e, void *data, unsigned int datalen) |
41 | { | 41 | { |
42 | struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; | 42 | const struct ebt_mark_t_info *info = data; |
43 | int tmp; | 43 | int tmp; |
44 | 44 | ||
45 | if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_t_info))) | 45 | if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_t_info))) |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index 6b0d2169af74..0acab0917a63 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -16,7 +16,7 @@ static int ebt_filter_mark(const struct sk_buff *skb, | |||
16 | const struct net_device *in, const struct net_device *out, const void *data, | 16 | const struct net_device *in, const struct net_device *out, const void *data, |
17 | unsigned int datalen) | 17 | unsigned int datalen) |
18 | { | 18 | { |
19 | struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data; | 19 | const struct ebt_mark_m_info *info = data; |
20 | 20 | ||
21 | if (info->bitmask & EBT_MARK_OR) | 21 | if (info->bitmask & EBT_MARK_OR) |
22 | return !(!!(skb->mark & info->mask) ^ info->invert); | 22 | return !(!!(skb->mark & info->mask) ^ info->invert); |
@@ -26,7 +26,7 @@ static int ebt_filter_mark(const struct sk_buff *skb, | |||
26 | static int ebt_mark_check(const char *tablename, unsigned int hookmask, | 26 | static int ebt_mark_check(const char *tablename, unsigned int hookmask, |
27 | const struct ebt_entry *e, void *data, unsigned int datalen) | 27 | const struct ebt_entry *e, void *data, unsigned int datalen) |
28 | { | 28 | { |
29 | struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data; | 29 | const struct ebt_mark_m_info *info = data; |
30 | 30 | ||
31 | if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_m_info))) | 31 | if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_m_info))) |
32 | return -EINVAL; | 32 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index 4fffd70e4da7..a15cf061bafb 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -18,7 +18,7 @@ static int ebt_filter_pkttype(const struct sk_buff *skb, | |||
18 | const void *data, | 18 | const void *data, |
19 | unsigned int datalen) | 19 | unsigned int datalen) |
20 | { | 20 | { |
21 | struct ebt_pkttype_info *info = (struct ebt_pkttype_info *)data; | 21 | const struct ebt_pkttype_info *info = data; |
22 | 22 | ||
23 | return (skb->pkt_type != info->pkt_type) ^ info->invert; | 23 | return (skb->pkt_type != info->pkt_type) ^ info->invert; |
24 | } | 24 | } |
@@ -26,7 +26,7 @@ static int ebt_filter_pkttype(const struct sk_buff *skb, | |||
26 | static int ebt_pkttype_check(const char *tablename, unsigned int hookmask, | 26 | static int ebt_pkttype_check(const char *tablename, unsigned int hookmask, |
27 | const struct ebt_entry *e, void *data, unsigned int datalen) | 27 | const struct ebt_entry *e, void *data, unsigned int datalen) |
28 | { | 28 | { |
29 | struct ebt_pkttype_info *info = (struct ebt_pkttype_info *)data; | 29 | const struct ebt_pkttype_info *info = data; |
30 | 30 | ||
31 | if (datalen != EBT_ALIGN(sizeof(struct ebt_pkttype_info))) | 31 | if (datalen != EBT_ALIGN(sizeof(struct ebt_pkttype_info))) |
32 | return -EINVAL; | 32 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 422cb834cff9..c1f9ca293e9c 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -19,7 +19,7 @@ static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, | |||
19 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
20 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
21 | { | 21 | { |
22 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; | 22 | const struct ebt_redirect_info *info = data; |
23 | 23 | ||
24 | if (skb_make_writable(skb, 0)) | 24 | if (skb_make_writable(skb, 0)) |
25 | return NF_DROP; | 25 | return NF_DROP; |
@@ -36,7 +36,7 @@ static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, | |||
36 | static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask, | 36 | static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask, |
37 | const struct ebt_entry *e, void *data, unsigned int datalen) | 37 | const struct ebt_entry *e, void *data, unsigned int datalen) |
38 | { | 38 | { |
39 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; | 39 | const struct ebt_redirect_info *info = data; |
40 | 40 | ||
41 | if (datalen != EBT_ALIGN(sizeof(struct ebt_redirect_info))) | 41 | if (datalen != EBT_ALIGN(sizeof(struct ebt_redirect_info))) |
42 | return -EINVAL; | 42 | return -EINVAL; |
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index 425ac920904d..6bc263c58981 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -20,7 +20,7 @@ static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, | |||
20 | const struct net_device *in, const struct net_device *out, | 20 | const struct net_device *in, const struct net_device *out, |
21 | const void *data, unsigned int datalen) | 21 | const void *data, unsigned int datalen) |
22 | { | 22 | { |
23 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; | 23 | const struct ebt_nat_info *info = data; |
24 | 24 | ||
25 | if (skb_make_writable(skb, 0)) | 25 | if (skb_make_writable(skb, 0)) |
26 | return NF_DROP; | 26 | return NF_DROP; |
@@ -28,7 +28,8 @@ static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, | |||
28 | memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN); | 28 | memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN); |
29 | if (!(info->target & NAT_ARP_BIT) && | 29 | if (!(info->target & NAT_ARP_BIT) && |
30 | eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { | 30 | eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { |
31 | struct arphdr _ah, *ap; | 31 | const struct arphdr *ap; |
32 | struct arphdr _ah; | ||
32 | 33 | ||
33 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); | 34 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
34 | if (ap == NULL) | 35 | if (ap == NULL) |
@@ -45,7 +46,7 @@ out: | |||
45 | static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, | 46 | static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, |
46 | const struct ebt_entry *e, void *data, unsigned int datalen) | 47 | const struct ebt_entry *e, void *data, unsigned int datalen) |
47 | { | 48 | { |
48 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; | 49 | const struct ebt_nat_info *info = data; |
49 | int tmp; | 50 | int tmp; |
50 | 51 | ||
51 | if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info))) | 52 | if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info))) |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 31b77367319c..fe323c4db58e 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -40,10 +40,10 @@ struct stp_config_pdu { | |||
40 | #define NR16(p) (p[0] << 8 | p[1]) | 40 | #define NR16(p) (p[0] << 8 | p[1]) |
41 | #define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) | 41 | #define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) |
42 | 42 | ||
43 | static int ebt_filter_config(struct ebt_stp_info *info, | 43 | static int ebt_filter_config(const struct ebt_stp_info *info, |
44 | struct stp_config_pdu *stpc) | 44 | const struct stp_config_pdu *stpc) |
45 | { | 45 | { |
46 | struct ebt_stp_config_info *c; | 46 | const struct ebt_stp_config_info *c; |
47 | uint16_t v16; | 47 | uint16_t v16; |
48 | uint32_t v32; | 48 | uint32_t v32; |
49 | int verdict, i; | 49 | int verdict, i; |
@@ -122,9 +122,10 @@ static int ebt_filter_config(struct ebt_stp_info *info, | |||
122 | static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in, | 122 | static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in, |
123 | const struct net_device *out, const void *data, unsigned int datalen) | 123 | const struct net_device *out, const void *data, unsigned int datalen) |
124 | { | 124 | { |
125 | struct ebt_stp_info *info = (struct ebt_stp_info *)data; | 125 | const struct ebt_stp_info *info = data; |
126 | struct stp_header _stph, *sp; | 126 | const struct stp_header *sp; |
127 | uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00}; | 127 | struct stp_header _stph; |
128 | const uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00}; | ||
128 | 129 | ||
129 | sp = skb_header_pointer(skb, 0, sizeof(_stph), &_stph); | 130 | sp = skb_header_pointer(skb, 0, sizeof(_stph), &_stph); |
130 | if (sp == NULL) | 131 | if (sp == NULL) |
@@ -140,7 +141,8 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in | |||
140 | 141 | ||
141 | if (sp->type == BPDU_TYPE_CONFIG && | 142 | if (sp->type == BPDU_TYPE_CONFIG && |
142 | info->bitmask & EBT_STP_CONFIG_MASK) { | 143 | info->bitmask & EBT_STP_CONFIG_MASK) { |
143 | struct stp_config_pdu _stpc, *st; | 144 | const struct stp_config_pdu *st; |
145 | struct stp_config_pdu _stpc; | ||
144 | 146 | ||
145 | st = skb_header_pointer(skb, sizeof(_stph), | 147 | st = skb_header_pointer(skb, sizeof(_stph), |
146 | sizeof(_stpc), &_stpc); | 148 | sizeof(_stpc), &_stpc); |
@@ -154,10 +156,10 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in | |||
154 | static int ebt_stp_check(const char *tablename, unsigned int hookmask, | 156 | static int ebt_stp_check(const char *tablename, unsigned int hookmask, |
155 | const struct ebt_entry *e, void *data, unsigned int datalen) | 157 | const struct ebt_entry *e, void *data, unsigned int datalen) |
156 | { | 158 | { |
157 | struct ebt_stp_info *info = (struct ebt_stp_info *)data; | 159 | const struct ebt_stp_info *info = data; |
158 | int len = EBT_ALIGN(sizeof(struct ebt_stp_info)); | 160 | const unsigned int len = EBT_ALIGN(sizeof(struct ebt_stp_info)); |
159 | uint8_t bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 }; | 161 | const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; |
160 | uint8_t msk[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; | 162 | const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; |
161 | 163 | ||
162 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || | 164 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || |
163 | !(info->bitmask & EBT_STP_MASK)) | 165 | !(info->bitmask & EBT_STP_MASK)) |
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 8e7b00b68d38..2015711d94b9 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
@@ -249,7 +249,7 @@ static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr, | |||
249 | const struct net_device *in, const struct net_device *out, | 249 | const struct net_device *in, const struct net_device *out, |
250 | const void *data, unsigned int datalen) | 250 | const void *data, unsigned int datalen) |
251 | { | 251 | { |
252 | struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data; | 252 | const struct ebt_ulog_info *uloginfo = data; |
253 | 253 | ||
254 | ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL); | 254 | ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL); |
255 | } | 255 | } |
@@ -258,7 +258,7 @@ static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr, | |||
258 | static int ebt_ulog_check(const char *tablename, unsigned int hookmask, | 258 | static int ebt_ulog_check(const char *tablename, unsigned int hookmask, |
259 | const struct ebt_entry *e, void *data, unsigned int datalen) | 259 | const struct ebt_entry *e, void *data, unsigned int datalen) |
260 | { | 260 | { |
261 | struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data; | 261 | struct ebt_ulog_info *uloginfo = data; |
262 | 262 | ||
263 | if (datalen != EBT_ALIGN(sizeof(struct ebt_ulog_info)) || | 263 | if (datalen != EBT_ALIGN(sizeof(struct ebt_ulog_info)) || |
264 | uloginfo->nlgroup > 31) | 264 | uloginfo->nlgroup > 31) |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index 0ddf7499d496..097d06701e49 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -46,8 +46,9 @@ ebt_filter_vlan(const struct sk_buff *skb, | |||
46 | const struct net_device *out, | 46 | const struct net_device *out, |
47 | const void *data, unsigned int datalen) | 47 | const void *data, unsigned int datalen) |
48 | { | 48 | { |
49 | struct ebt_vlan_info *info = (struct ebt_vlan_info *) data; | 49 | const struct ebt_vlan_info *info = data; |
50 | struct vlan_hdr _frame, *fp; | 50 | const struct vlan_hdr *fp; |
51 | struct vlan_hdr _frame; | ||
51 | 52 | ||
52 | unsigned short TCI; /* Whole TCI, given from parsed frame */ | 53 | unsigned short TCI; /* Whole TCI, given from parsed frame */ |
53 | unsigned short id; /* VLAN ID, given from frame TCI */ | 54 | unsigned short id; /* VLAN ID, given from frame TCI */ |
@@ -91,7 +92,7 @@ ebt_check_vlan(const char *tablename, | |||
91 | unsigned int hooknr, | 92 | unsigned int hooknr, |
92 | const struct ebt_entry *e, void *data, unsigned int datalen) | 93 | const struct ebt_entry *e, void *data, unsigned int datalen) |
93 | { | 94 | { |
94 | struct ebt_vlan_info *info = (struct ebt_vlan_info *) data; | 95 | struct ebt_vlan_info *info = data; |
95 | 96 | ||
96 | /* Parameters buffer overflow check */ | 97 | /* Parameters buffer overflow check */ |
97 | if (datalen != EBT_ALIGN(sizeof(struct ebt_vlan_info))) { | 98 | if (datalen != EBT_ALIGN(sizeof(struct ebt_vlan_info))) { |