aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/netfilter/ebt_802_3.c6
-rw-r--r--net/bridge/netfilter/ebt_among.c24
-rw-r--r--net/bridge/netfilter/ebt_arp.c13
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c13
-rw-r--r--net/bridge/netfilter/ebt_dnat.c4
-rw-r--r--net/bridge/netfilter/ebt_ip.c10
-rw-r--r--net/bridge/netfilter/ebt_limit.c2
-rw-r--r--net/bridge/netfilter/ebt_log.c18
-rw-r--r--net/bridge/netfilter/ebt_mark.c4
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c4
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c4
-rw-r--r--net/bridge/netfilter/ebt_redirect.c4
-rw-r--r--net/bridge/netfilter/ebt_snat.c7
-rw-r--r--net/bridge/netfilter/ebt_stp.c24
-rw-r--r--net/bridge/netfilter/ebt_ulog.c4
-rw-r--r--net/bridge/netfilter/ebt_vlan.c7
16 files changed, 85 insertions, 63 deletions
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 41a78072cd0e..ac1730b32aa2 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -15,8 +15,8 @@
15static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in, 15static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in,
16 const struct net_device *out, const void *data, unsigned int datalen) 16 const struct net_device *out, const void *data, unsigned int datalen)
17{ 17{
18 struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; 18 const struct ebt_802_3_info *info = data;
19 struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); 19 const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
20 __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; 20 __be16 type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type;
21 21
22 if (info->bitmask & EBT_802_3_SAP) { 22 if (info->bitmask & EBT_802_3_SAP) {
@@ -40,7 +40,7 @@ static struct ebt_match filter_802_3;
40static int ebt_802_3_check(const char *tablename, unsigned int hookmask, 40static int ebt_802_3_check(const char *tablename, unsigned int hookmask,
41 const struct ebt_entry *e, void *data, unsigned int datalen) 41 const struct ebt_entry *e, void *data, unsigned int datalen)
42{ 42{
43 struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; 43 const struct ebt_802_3_info *info = data;
44 44
45 if (datalen < sizeof(struct ebt_802_3_info)) 45 if (datalen < sizeof(struct ebt_802_3_info))
46 return -EINVAL; 46 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 6436d30a550e..318157e1565d 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -25,7 +25,7 @@ static int ebt_mac_wormhash_contains(const struct ebt_mac_wormhash *wh,
25 const struct ebt_mac_wormhash_tuple *p; 25 const struct ebt_mac_wormhash_tuple *p;
26 int start, limit, i; 26 int start, limit, i;
27 uint32_t cmp[2] = { 0, 0 }; 27 uint32_t cmp[2] = { 0, 0 };
28 int key = (const unsigned char) mac[5]; 28 int key = ((const unsigned char *)mac)[5];
29 29
30 memcpy(((char *) cmp) + 2, mac, 6); 30 memcpy(((char *) cmp) + 2, mac, 6);
31 start = wh->table[key]; 31 start = wh->table[key];
@@ -73,15 +73,18 @@ static int ebt_mac_wormhash_check_integrity(const struct ebt_mac_wormhash
73static int get_ip_dst(const struct sk_buff *skb, __be32 *addr) 73static int get_ip_dst(const struct sk_buff *skb, __be32 *addr)
74{ 74{
75 if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) { 75 if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) {
76 struct iphdr _iph, *ih; 76 const struct iphdr *ih;
77 struct iphdr _iph;
77 78
78 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); 79 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
79 if (ih == NULL) 80 if (ih == NULL)
80 return -1; 81 return -1;
81 *addr = ih->daddr; 82 *addr = ih->daddr;
82 } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { 83 } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) {
83 struct arphdr _arph, *ah; 84 const struct arphdr *ah;
84 __be32 buf, *bp; 85 struct arphdr _arph;
86 const __be32 *bp;
87 __be32 buf;
85 88
86 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); 89 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
87 if (ah == NULL || 90 if (ah == NULL ||
@@ -101,15 +104,18 @@ static int get_ip_dst(const struct sk_buff *skb, __be32 *addr)
101static int get_ip_src(const struct sk_buff *skb, __be32 *addr) 104static int get_ip_src(const struct sk_buff *skb, __be32 *addr)
102{ 105{
103 if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) { 106 if (eth_hdr(skb)->h_proto == htons(ETH_P_IP)) {
104 struct iphdr _iph, *ih; 107 const struct iphdr *ih;
108 struct iphdr _iph;
105 109
106 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); 110 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
107 if (ih == NULL) 111 if (ih == NULL)
108 return -1; 112 return -1;
109 *addr = ih->saddr; 113 *addr = ih->saddr;
110 } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { 114 } else if (eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) {
111 struct arphdr _arph, *ah; 115 const struct arphdr *ah;
112 __be32 buf, *bp; 116 struct arphdr _arph;
117 const __be32 *bp;
118 __be32 buf;
113 119
114 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); 120 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
115 if (ah == NULL || 121 if (ah == NULL ||
@@ -130,7 +136,7 @@ static int ebt_filter_among(const struct sk_buff *skb,
130 const struct net_device *out, const void *data, 136 const struct net_device *out, const void *data,
131 unsigned int datalen) 137 unsigned int datalen)
132{ 138{
133 struct ebt_among_info *info = (struct ebt_among_info *) data; 139 const struct ebt_among_info *info = data;
134 const char *dmac, *smac; 140 const char *dmac, *smac;
135 const struct ebt_mac_wormhash *wh_dst, *wh_src; 141 const struct ebt_mac_wormhash *wh_dst, *wh_src;
136 __be32 dip = 0, sip = 0; 142 __be32 dip = 0, sip = 0;
@@ -175,7 +181,7 @@ static int ebt_among_check(const char *tablename, unsigned int hookmask,
175 const struct ebt_entry *e, void *data, 181 const struct ebt_entry *e, void *data,
176 unsigned int datalen) 182 unsigned int datalen)
177{ 183{
178 struct ebt_among_info *info = (struct ebt_among_info *) data; 184 const struct ebt_among_info *info = data;
179 int expected_length = sizeof(struct ebt_among_info); 185 int expected_length = sizeof(struct ebt_among_info);
180 const struct ebt_mac_wormhash *wh_dst, *wh_src; 186 const struct ebt_mac_wormhash *wh_dst, *wh_src;
181 int err; 187 int err;
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index 18141392a9b4..933433ede38f 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -18,8 +18,9 @@
18static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in, 18static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in,
19 const struct net_device *out, const void *data, unsigned int datalen) 19 const struct net_device *out, const void *data, unsigned int datalen)
20{ 20{
21 struct ebt_arp_info *info = (struct ebt_arp_info *)data; 21 const struct ebt_arp_info *info = data;
22 struct arphdr _arph, *ah; 22 const struct arphdr *ah;
23 struct arphdr _arph;
23 24
24 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); 25 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
25 if (ah == NULL) 26 if (ah == NULL)
@@ -35,7 +36,8 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in
35 return EBT_NOMATCH; 36 return EBT_NOMATCH;
36 37
37 if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) { 38 if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_GRAT)) {
38 __be32 saddr, daddr, *sap, *dap; 39 const __be32 *sap, *dap;
40 __be32 saddr, daddr;
39 41
40 if (ah->ar_pln != sizeof(__be32) || ah->ar_pro != htons(ETH_P_IP)) 42 if (ah->ar_pln != sizeof(__be32) || ah->ar_pro != htons(ETH_P_IP))
41 return EBT_NOMATCH; 43 return EBT_NOMATCH;
@@ -61,7 +63,8 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in
61 } 63 }
62 64
63 if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) { 65 if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) {
64 unsigned char _mac[ETH_ALEN], *mp; 66 const unsigned char *mp;
67 unsigned char _mac[ETH_ALEN];
65 uint8_t verdict, i; 68 uint8_t verdict, i;
66 69
67 if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER)) 70 if (ah->ar_hln != ETH_ALEN || ah->ar_hrd != htons(ARPHRD_ETHER))
@@ -100,7 +103,7 @@ static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in
100static int ebt_arp_check(const char *tablename, unsigned int hookmask, 103static int ebt_arp_check(const char *tablename, unsigned int hookmask,
101 const struct ebt_entry *e, void *data, unsigned int datalen) 104 const struct ebt_entry *e, void *data, unsigned int datalen)
102{ 105{
103 struct ebt_arp_info *info = (struct ebt_arp_info *)data; 106 const struct ebt_arp_info *info = data;
104 107
105 if (datalen != EBT_ALIGN(sizeof(struct ebt_arp_info))) 108 if (datalen != EBT_ALIGN(sizeof(struct ebt_arp_info)))
106 return -EINVAL; 109 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index 48a80e423287..7b6a8c13ccd8 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -19,10 +19,13 @@ static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
20 const void *data, unsigned int datalen) 20 const void *data, unsigned int datalen)
21{ 21{
22 struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data; 22 struct ebt_arpreply_info *info = (void *)data;
23 __be32 _sip, *siptr, _dip, *diptr; 23 const __be32 *siptr, *diptr;
24 struct arphdr _ah, *ap; 24 __be32 _sip, _dip;
25 unsigned char _sha[ETH_ALEN], *shp; 25 const struct arphdr *ap;
26 struct arphdr _ah;
27 const unsigned char *shp;
28 unsigned char _sha[ETH_ALEN];
26 29
27 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); 30 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
28 if (ap == NULL) 31 if (ap == NULL)
@@ -58,7 +61,7 @@ static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
58static int ebt_target_reply_check(const char *tablename, unsigned int hookmask, 61static int ebt_target_reply_check(const char *tablename, unsigned int hookmask,
59 const struct ebt_entry *e, void *data, unsigned int datalen) 62 const struct ebt_entry *e, void *data, unsigned int datalen)
60{ 63{
61 struct ebt_arpreply_info *info = (struct ebt_arpreply_info *)data; 64 const struct ebt_arpreply_info *info = data;
62 65
63 if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info))) 66 if (datalen != EBT_ALIGN(sizeof(struct ebt_arpreply_info)))
64 return -EINVAL; 67 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index 74262e9a566a..6ad91609b6ad 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -18,7 +18,7 @@ static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
18 const struct net_device *in, const struct net_device *out, 18 const struct net_device *in, const struct net_device *out,
19 const void *data, unsigned int datalen) 19 const void *data, unsigned int datalen)
20{ 20{
21 struct ebt_nat_info *info = (struct ebt_nat_info *)data; 21 const struct ebt_nat_info *info = data;
22 22
23 if (skb_make_writable(skb, 0)) 23 if (skb_make_writable(skb, 0))
24 return NF_DROP; 24 return NF_DROP;
@@ -30,7 +30,7 @@ static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
30static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask, 30static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask,
31 const struct ebt_entry *e, void *data, unsigned int datalen) 31 const struct ebt_entry *e, void *data, unsigned int datalen)
32{ 32{
33 struct ebt_nat_info *info = (struct ebt_nat_info *)data; 33 const struct ebt_nat_info *info = data;
34 34
35 if (BASE_CHAIN && info->target == EBT_RETURN) 35 if (BASE_CHAIN && info->target == EBT_RETURN)
36 return -EINVAL; 36 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index 69f7f0ab9c76..82934f9b1e02 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -28,9 +28,11 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in,
28 const struct net_device *out, const void *data, 28 const struct net_device *out, const void *data,
29 unsigned int datalen) 29 unsigned int datalen)
30{ 30{
31 struct ebt_ip_info *info = (struct ebt_ip_info *)data; 31 const struct ebt_ip_info *info = data;
32 struct iphdr _iph, *ih; 32 const struct iphdr *ih;
33 struct tcpudphdr _ports, *pptr; 33 struct iphdr _iph;
34 const struct tcpudphdr *pptr;
35 struct tcpudphdr _ports;
34 36
35 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); 37 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
36 if (ih == NULL) 38 if (ih == NULL)
@@ -79,7 +81,7 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in,
79static int ebt_ip_check(const char *tablename, unsigned int hookmask, 81static int ebt_ip_check(const char *tablename, unsigned int hookmask,
80 const struct ebt_entry *e, void *data, unsigned int datalen) 82 const struct ebt_entry *e, void *data, unsigned int datalen)
81{ 83{
82 struct ebt_ip_info *info = (struct ebt_ip_info *)data; 84 const struct ebt_ip_info *info = data;
83 85
84 if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info))) 86 if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info)))
85 return -EINVAL; 87 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index d48fa5cb26cf..2eb5cb79662d 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -69,7 +69,7 @@ user2credits(u_int32_t user)
69static int ebt_limit_check(const char *tablename, unsigned int hookmask, 69static int ebt_limit_check(const char *tablename, unsigned int hookmask,
70 const struct ebt_entry *e, void *data, unsigned int datalen) 70 const struct ebt_entry *e, void *data, unsigned int datalen)
71{ 71{
72 struct ebt_limit_info *info = (struct ebt_limit_info *)data; 72 struct ebt_limit_info *info = data;
73 73
74 if (datalen != EBT_ALIGN(sizeof(struct ebt_limit_info))) 74 if (datalen != EBT_ALIGN(sizeof(struct ebt_limit_info)))
75 return -EINVAL; 75 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 3be9e9898553..40560d64d8c0 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -24,7 +24,7 @@ static DEFINE_SPINLOCK(ebt_log_lock);
24static int ebt_log_check(const char *tablename, unsigned int hookmask, 24static int ebt_log_check(const char *tablename, unsigned int hookmask,
25 const struct ebt_entry *e, void *data, unsigned int datalen) 25 const struct ebt_entry *e, void *data, unsigned int datalen)
26{ 26{
27 struct ebt_log_info *info = (struct ebt_log_info *)data; 27 struct ebt_log_info *info = data;
28 28
29 if (datalen != EBT_ALIGN(sizeof(struct ebt_log_info))) 29 if (datalen != EBT_ALIGN(sizeof(struct ebt_log_info)))
30 return -EINVAL; 30 return -EINVAL;
@@ -50,7 +50,7 @@ struct arppayload
50 unsigned char ip_dst[4]; 50 unsigned char ip_dst[4];
51}; 51};
52 52
53static void print_MAC(unsigned char *p) 53static void print_MAC(const unsigned char *p)
54{ 54{
55 int i; 55 int i;
56 56
@@ -84,7 +84,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum,
84 84
85 if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto == 85 if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
86 htons(ETH_P_IP)){ 86 htons(ETH_P_IP)){
87 struct iphdr _iph, *ih; 87 const struct iphdr *ih;
88 struct iphdr _iph;
88 89
89 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); 90 ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
90 if (ih == NULL) { 91 if (ih == NULL) {
@@ -99,7 +100,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum,
99 ih->protocol == IPPROTO_UDPLITE || 100 ih->protocol == IPPROTO_UDPLITE ||
100 ih->protocol == IPPROTO_SCTP || 101 ih->protocol == IPPROTO_SCTP ||
101 ih->protocol == IPPROTO_DCCP) { 102 ih->protocol == IPPROTO_DCCP) {
102 struct tcpudphdr _ports, *pptr; 103 const struct tcpudphdr *pptr;
104 struct tcpudphdr _ports;
103 105
104 pptr = skb_header_pointer(skb, ih->ihl*4, 106 pptr = skb_header_pointer(skb, ih->ihl*4,
105 sizeof(_ports), &_ports); 107 sizeof(_ports), &_ports);
@@ -116,7 +118,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum,
116 if ((bitmask & EBT_LOG_ARP) && 118 if ((bitmask & EBT_LOG_ARP) &&
117 ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) || 119 ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) ||
118 (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) { 120 (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) {
119 struct arphdr _arph, *ah; 121 const struct arphdr *ah;
122 struct arphdr _arph;
120 123
121 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph); 124 ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
122 if (ah == NULL) { 125 if (ah == NULL) {
@@ -132,7 +135,8 @@ ebt_log_packet(unsigned int pf, unsigned int hooknum,
132 if (ah->ar_hrd == htons(1) && 135 if (ah->ar_hrd == htons(1) &&
133 ah->ar_hln == ETH_ALEN && 136 ah->ar_hln == ETH_ALEN &&
134 ah->ar_pln == sizeof(__be32)) { 137 ah->ar_pln == sizeof(__be32)) {
135 struct arppayload _arpp, *ap; 138 const struct arppayload *ap;
139 struct arppayload _arpp;
136 140
137 ap = skb_header_pointer(skb, sizeof(_arph), 141 ap = skb_header_pointer(skb, sizeof(_arph),
138 sizeof(_arpp), &_arpp); 142 sizeof(_arpp), &_arpp);
@@ -160,7 +164,7 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
160 const struct net_device *in, const struct net_device *out, 164 const struct net_device *in, const struct net_device *out,
161 const void *data, unsigned int datalen) 165 const void *data, unsigned int datalen)
162{ 166{
163 struct ebt_log_info *info = (struct ebt_log_info *)data; 167 const struct ebt_log_info *info = data;
164 struct nf_loginfo li; 168 struct nf_loginfo li;
165 169
166 li.type = NF_LOG_TYPE_LOG; 170 li.type = NF_LOG_TYPE_LOG;
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 6cba54309c09..6fe93dfee9b0 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -21,7 +21,7 @@ static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
21 const struct net_device *in, const struct net_device *out, 21 const struct net_device *in, const struct net_device *out,
22 const void *data, unsigned int datalen) 22 const void *data, unsigned int datalen)
23{ 23{
24 struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; 24 const struct ebt_mark_t_info *info = data;
25 int action = info->target & -16; 25 int action = info->target & -16;
26 26
27 if (action == MARK_SET_VALUE) 27 if (action == MARK_SET_VALUE)
@@ -39,7 +39,7 @@ static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
39static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, 39static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
40 const struct ebt_entry *e, void *data, unsigned int datalen) 40 const struct ebt_entry *e, void *data, unsigned int datalen)
41{ 41{
42 struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; 42 const struct ebt_mark_t_info *info = data;
43 int tmp; 43 int tmp;
44 44
45 if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_t_info))) 45 if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_t_info)))
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index 6b0d2169af74..0acab0917a63 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -16,7 +16,7 @@ static int ebt_filter_mark(const struct sk_buff *skb,
16 const struct net_device *in, const struct net_device *out, const void *data, 16 const struct net_device *in, const struct net_device *out, const void *data,
17 unsigned int datalen) 17 unsigned int datalen)
18{ 18{
19 struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data; 19 const struct ebt_mark_m_info *info = data;
20 20
21 if (info->bitmask & EBT_MARK_OR) 21 if (info->bitmask & EBT_MARK_OR)
22 return !(!!(skb->mark & info->mask) ^ info->invert); 22 return !(!!(skb->mark & info->mask) ^ info->invert);
@@ -26,7 +26,7 @@ static int ebt_filter_mark(const struct sk_buff *skb,
26static int ebt_mark_check(const char *tablename, unsigned int hookmask, 26static int ebt_mark_check(const char *tablename, unsigned int hookmask,
27 const struct ebt_entry *e, void *data, unsigned int datalen) 27 const struct ebt_entry *e, void *data, unsigned int datalen)
28{ 28{
29 struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data; 29 const struct ebt_mark_m_info *info = data;
30 30
31 if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_m_info))) 31 if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_m_info)))
32 return -EINVAL; 32 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index 4fffd70e4da7..a15cf061bafb 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -18,7 +18,7 @@ static int ebt_filter_pkttype(const struct sk_buff *skb,
18 const void *data, 18 const void *data,
19 unsigned int datalen) 19 unsigned int datalen)
20{ 20{
21 struct ebt_pkttype_info *info = (struct ebt_pkttype_info *)data; 21 const struct ebt_pkttype_info *info = data;
22 22
23 return (skb->pkt_type != info->pkt_type) ^ info->invert; 23 return (skb->pkt_type != info->pkt_type) ^ info->invert;
24} 24}
@@ -26,7 +26,7 @@ static int ebt_filter_pkttype(const struct sk_buff *skb,
26static int ebt_pkttype_check(const char *tablename, unsigned int hookmask, 26static int ebt_pkttype_check(const char *tablename, unsigned int hookmask,
27 const struct ebt_entry *e, void *data, unsigned int datalen) 27 const struct ebt_entry *e, void *data, unsigned int datalen)
28{ 28{
29 struct ebt_pkttype_info *info = (struct ebt_pkttype_info *)data; 29 const struct ebt_pkttype_info *info = data;
30 30
31 if (datalen != EBT_ALIGN(sizeof(struct ebt_pkttype_info))) 31 if (datalen != EBT_ALIGN(sizeof(struct ebt_pkttype_info)))
32 return -EINVAL; 32 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 422cb834cff9..c1f9ca293e9c 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -19,7 +19,7 @@ static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
20 const void *data, unsigned int datalen) 20 const void *data, unsigned int datalen)
21{ 21{
22 struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; 22 const struct ebt_redirect_info *info = data;
23 23
24 if (skb_make_writable(skb, 0)) 24 if (skb_make_writable(skb, 0))
25 return NF_DROP; 25 return NF_DROP;
@@ -36,7 +36,7 @@ static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr,
36static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask, 36static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask,
37 const struct ebt_entry *e, void *data, unsigned int datalen) 37 const struct ebt_entry *e, void *data, unsigned int datalen)
38{ 38{
39 struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; 39 const struct ebt_redirect_info *info = data;
40 40
41 if (datalen != EBT_ALIGN(sizeof(struct ebt_redirect_info))) 41 if (datalen != EBT_ALIGN(sizeof(struct ebt_redirect_info)))
42 return -EINVAL; 42 return -EINVAL;
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index 425ac920904d..6bc263c58981 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -20,7 +20,7 @@ static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr,
20 const struct net_device *in, const struct net_device *out, 20 const struct net_device *in, const struct net_device *out,
21 const void *data, unsigned int datalen) 21 const void *data, unsigned int datalen)
22{ 22{
23 struct ebt_nat_info *info = (struct ebt_nat_info *) data; 23 const struct ebt_nat_info *info = data;
24 24
25 if (skb_make_writable(skb, 0)) 25 if (skb_make_writable(skb, 0))
26 return NF_DROP; 26 return NF_DROP;
@@ -28,7 +28,8 @@ static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr,
28 memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN); 28 memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN);
29 if (!(info->target & NAT_ARP_BIT) && 29 if (!(info->target & NAT_ARP_BIT) &&
30 eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { 30 eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) {
31 struct arphdr _ah, *ap; 31 const struct arphdr *ap;
32 struct arphdr _ah;
32 33
33 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); 34 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
34 if (ap == NULL) 35 if (ap == NULL)
@@ -45,7 +46,7 @@ out:
45static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, 46static int ebt_target_snat_check(const char *tablename, unsigned int hookmask,
46 const struct ebt_entry *e, void *data, unsigned int datalen) 47 const struct ebt_entry *e, void *data, unsigned int datalen)
47{ 48{
48 struct ebt_nat_info *info = (struct ebt_nat_info *) data; 49 const struct ebt_nat_info *info = data;
49 int tmp; 50 int tmp;
50 51
51 if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info))) 52 if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info)))
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 31b77367319c..fe323c4db58e 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -40,10 +40,10 @@ struct stp_config_pdu {
40#define NR16(p) (p[0] << 8 | p[1]) 40#define NR16(p) (p[0] << 8 | p[1])
41#define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) 41#define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3])
42 42
43static int ebt_filter_config(struct ebt_stp_info *info, 43static int ebt_filter_config(const struct ebt_stp_info *info,
44 struct stp_config_pdu *stpc) 44 const struct stp_config_pdu *stpc)
45{ 45{
46 struct ebt_stp_config_info *c; 46 const struct ebt_stp_config_info *c;
47 uint16_t v16; 47 uint16_t v16;
48 uint32_t v32; 48 uint32_t v32;
49 int verdict, i; 49 int verdict, i;
@@ -122,9 +122,10 @@ static int ebt_filter_config(struct ebt_stp_info *info,
122static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in, 122static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in,
123 const struct net_device *out, const void *data, unsigned int datalen) 123 const struct net_device *out, const void *data, unsigned int datalen)
124{ 124{
125 struct ebt_stp_info *info = (struct ebt_stp_info *)data; 125 const struct ebt_stp_info *info = data;
126 struct stp_header _stph, *sp; 126 const struct stp_header *sp;
127 uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00}; 127 struct stp_header _stph;
128 const uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00};
128 129
129 sp = skb_header_pointer(skb, 0, sizeof(_stph), &_stph); 130 sp = skb_header_pointer(skb, 0, sizeof(_stph), &_stph);
130 if (sp == NULL) 131 if (sp == NULL)
@@ -140,7 +141,8 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in
140 141
141 if (sp->type == BPDU_TYPE_CONFIG && 142 if (sp->type == BPDU_TYPE_CONFIG &&
142 info->bitmask & EBT_STP_CONFIG_MASK) { 143 info->bitmask & EBT_STP_CONFIG_MASK) {
143 struct stp_config_pdu _stpc, *st; 144 const struct stp_config_pdu *st;
145 struct stp_config_pdu _stpc;
144 146
145 st = skb_header_pointer(skb, sizeof(_stph), 147 st = skb_header_pointer(skb, sizeof(_stph),
146 sizeof(_stpc), &_stpc); 148 sizeof(_stpc), &_stpc);
@@ -154,10 +156,10 @@ static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in
154static int ebt_stp_check(const char *tablename, unsigned int hookmask, 156static int ebt_stp_check(const char *tablename, unsigned int hookmask,
155 const struct ebt_entry *e, void *data, unsigned int datalen) 157 const struct ebt_entry *e, void *data, unsigned int datalen)
156{ 158{
157 struct ebt_stp_info *info = (struct ebt_stp_info *)data; 159 const struct ebt_stp_info *info = data;
158 int len = EBT_ALIGN(sizeof(struct ebt_stp_info)); 160 const unsigned int len = EBT_ALIGN(sizeof(struct ebt_stp_info));
159 uint8_t bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 }; 161 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
160 uint8_t msk[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 162 const uint8_t msk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
161 163
162 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || 164 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
163 !(info->bitmask & EBT_STP_MASK)) 165 !(info->bitmask & EBT_STP_MASK))
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index 8e7b00b68d38..2015711d94b9 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -249,7 +249,7 @@ static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
249 const struct net_device *in, const struct net_device *out, 249 const struct net_device *in, const struct net_device *out,
250 const void *data, unsigned int datalen) 250 const void *data, unsigned int datalen)
251{ 251{
252 struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data; 252 const struct ebt_ulog_info *uloginfo = data;
253 253
254 ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL); 254 ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
255} 255}
@@ -258,7 +258,7 @@ static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
258static int ebt_ulog_check(const char *tablename, unsigned int hookmask, 258static int ebt_ulog_check(const char *tablename, unsigned int hookmask,
259 const struct ebt_entry *e, void *data, unsigned int datalen) 259 const struct ebt_entry *e, void *data, unsigned int datalen)
260{ 260{
261 struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data; 261 struct ebt_ulog_info *uloginfo = data;
262 262
263 if (datalen != EBT_ALIGN(sizeof(struct ebt_ulog_info)) || 263 if (datalen != EBT_ALIGN(sizeof(struct ebt_ulog_info)) ||
264 uloginfo->nlgroup > 31) 264 uloginfo->nlgroup > 31)
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index 0ddf7499d496..097d06701e49 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -46,8 +46,9 @@ ebt_filter_vlan(const struct sk_buff *skb,
46 const struct net_device *out, 46 const struct net_device *out,
47 const void *data, unsigned int datalen) 47 const void *data, unsigned int datalen)
48{ 48{
49 struct ebt_vlan_info *info = (struct ebt_vlan_info *) data; 49 const struct ebt_vlan_info *info = data;
50 struct vlan_hdr _frame, *fp; 50 const struct vlan_hdr *fp;
51 struct vlan_hdr _frame;
51 52
52 unsigned short TCI; /* Whole TCI, given from parsed frame */ 53 unsigned short TCI; /* Whole TCI, given from parsed frame */
53 unsigned short id; /* VLAN ID, given from frame TCI */ 54 unsigned short id; /* VLAN ID, given from frame TCI */
@@ -91,7 +92,7 @@ ebt_check_vlan(const char *tablename,
91 unsigned int hooknr, 92 unsigned int hooknr,
92 const struct ebt_entry *e, void *data, unsigned int datalen) 93 const struct ebt_entry *e, void *data, unsigned int datalen)
93{ 94{
94 struct ebt_vlan_info *info = (struct ebt_vlan_info *) data; 95 struct ebt_vlan_info *info = data;
95 96
96 /* Parameters buffer overflow check */ 97 /* Parameters buffer overflow check */
97 if (datalen != EBT_ALIGN(sizeof(struct ebt_vlan_info))) { 98 if (datalen != EBT_ALIGN(sizeof(struct ebt_vlan_info))) {