aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c11
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c26
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c8
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c2
-rw-r--r--net/ipv4/netfilter/ipt_TTL.c2
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c6
-rw-r--r--net/ipv4/netfilter/ipt_ah.c3
-rw-r--r--net/ipv4/netfilter/ipt_ecn.c3
-rw-r--r--net/ipv4/netfilter/ipt_recent.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c4
10 files changed, 39 insertions, 28 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index e82339a78c01..2de7ae0180aa 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -235,12 +235,13 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
235#endif 235#endif
236 236
237static inline u_int32_t 237static inline u_int32_t
238clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) 238clusterip_hashfn(const struct sk_buff *skb,
239 const struct clusterip_config *config)
239{ 240{
240 struct iphdr *iph = ip_hdr(skb); 241 const struct iphdr *iph = ip_hdr(skb);
241 unsigned long hashval; 242 unsigned long hashval;
242 u_int16_t sport, dport; 243 u_int16_t sport, dport;
243 u_int16_t *ports; 244 const u_int16_t *ports;
244 245
245 switch (iph->protocol) { 246 switch (iph->protocol) {
246 case IPPROTO_TCP: 247 case IPPROTO_TCP:
@@ -249,7 +250,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
249 case IPPROTO_SCTP: 250 case IPPROTO_SCTP:
250 case IPPROTO_DCCP: 251 case IPPROTO_DCCP:
251 case IPPROTO_ICMP: 252 case IPPROTO_ICMP:
252 ports = (void *)iph+iph->ihl*4; 253 ports = (const void *)iph+iph->ihl*4;
253 sport = ports[0]; 254 sport = ports[0];
254 dport = ports[1]; 255 dport = ports[1];
255 break; 256 break;
@@ -289,7 +290,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
289} 290}
290 291
291static inline int 292static inline int
292clusterip_responsible(struct clusterip_config *config, u_int32_t hash) 293clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
293{ 294{
294 return test_bit(hash - 1, &config->local_nodes); 295 return test_bit(hash - 1, &config->local_nodes);
295} 296}
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index bbff6c352ef8..bcc43a625e72 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -41,7 +41,8 @@ static void dump_packet(const struct nf_loginfo *info,
41 const struct sk_buff *skb, 41 const struct sk_buff *skb,
42 unsigned int iphoff) 42 unsigned int iphoff)
43{ 43{
44 struct iphdr _iph, *ih; 44 struct iphdr _iph;
45 const struct iphdr *ih;
45 unsigned int logflags; 46 unsigned int logflags;
46 47
47 if (info->type == NF_LOG_TYPE_LOG) 48 if (info->type == NF_LOG_TYPE_LOG)
@@ -100,7 +101,8 @@ static void dump_packet(const struct nf_loginfo *info,
100 101
101 switch (ih->protocol) { 102 switch (ih->protocol) {
102 case IPPROTO_TCP: { 103 case IPPROTO_TCP: {
103 struct tcphdr _tcph, *th; 104 struct tcphdr _tcph;
105 const struct tcphdr *th;
104 106
105 /* Max length: 10 "PROTO=TCP " */ 107 /* Max length: 10 "PROTO=TCP " */
106 printk("PROTO=TCP "); 108 printk("PROTO=TCP ");
@@ -151,7 +153,7 @@ static void dump_packet(const struct nf_loginfo *info,
151 if ((logflags & IPT_LOG_TCPOPT) 153 if ((logflags & IPT_LOG_TCPOPT)
152 && th->doff * 4 > sizeof(struct tcphdr)) { 154 && th->doff * 4 > sizeof(struct tcphdr)) {
153 unsigned char _opt[4 * 15 - sizeof(struct tcphdr)]; 155 unsigned char _opt[4 * 15 - sizeof(struct tcphdr)];
154 unsigned char *op; 156 const unsigned char *op;
155 unsigned int i, optsize; 157 unsigned int i, optsize;
156 158
157 optsize = th->doff * 4 - sizeof(struct tcphdr); 159 optsize = th->doff * 4 - sizeof(struct tcphdr);
@@ -173,7 +175,8 @@ static void dump_packet(const struct nf_loginfo *info,
173 } 175 }
174 case IPPROTO_UDP: 176 case IPPROTO_UDP:
175 case IPPROTO_UDPLITE: { 177 case IPPROTO_UDPLITE: {
176 struct udphdr _udph, *uh; 178 struct udphdr _udph;
179 const struct udphdr *uh;
177 180
178 if (ih->protocol == IPPROTO_UDP) 181 if (ih->protocol == IPPROTO_UDP)
179 /* Max length: 10 "PROTO=UDP " */ 182 /* Max length: 10 "PROTO=UDP " */
@@ -200,7 +203,8 @@ static void dump_packet(const struct nf_loginfo *info,
200 break; 203 break;
201 } 204 }
202 case IPPROTO_ICMP: { 205 case IPPROTO_ICMP: {
203 struct icmphdr _icmph, *ich; 206 struct icmphdr _icmph;
207 const struct icmphdr *ich;
204 static const size_t required_len[NR_ICMP_TYPES+1] 208 static const size_t required_len[NR_ICMP_TYPES+1]
205 = { [ICMP_ECHOREPLY] = 4, 209 = { [ICMP_ECHOREPLY] = 4,
206 [ICMP_DEST_UNREACH] 210 [ICMP_DEST_UNREACH]
@@ -285,7 +289,8 @@ static void dump_packet(const struct nf_loginfo *info,
285 } 289 }
286 /* Max Length */ 290 /* Max Length */
287 case IPPROTO_AH: { 291 case IPPROTO_AH: {
288 struct ip_auth_hdr _ahdr, *ah; 292 struct ip_auth_hdr _ahdr;
293 const struct ip_auth_hdr *ah;
289 294
290 if (ntohs(ih->frag_off) & IP_OFFSET) 295 if (ntohs(ih->frag_off) & IP_OFFSET)
291 break; 296 break;
@@ -307,7 +312,8 @@ static void dump_packet(const struct nf_loginfo *info,
307 break; 312 break;
308 } 313 }
309 case IPPROTO_ESP: { 314 case IPPROTO_ESP: {
310 struct ip_esp_hdr _esph, *eh; 315 struct ip_esp_hdr _esph;
316 const struct ip_esp_hdr *eh;
311 317
312 /* Max length: 10 "PROTO=ESP " */ 318 /* Max length: 10 "PROTO=ESP " */
313 printk("PROTO=ESP "); 319 printk("PROTO=ESP ");
@@ -385,11 +391,13 @@ ipt_log_packet(unsigned int pf,
385 out ? out->name : ""); 391 out ? out->name : "");
386#ifdef CONFIG_BRIDGE_NETFILTER 392#ifdef CONFIG_BRIDGE_NETFILTER
387 if (skb->nf_bridge) { 393 if (skb->nf_bridge) {
388 struct net_device *physindev = skb->nf_bridge->physindev; 394 const struct net_device *physindev;
389 struct net_device *physoutdev = skb->nf_bridge->physoutdev; 395 const struct net_device *physoutdev;
390 396
397 physindev = skb->nf_bridge->physindev;
391 if (physindev && in != physindev) 398 if (physindev && in != physindev)
392 printk("PHYSIN=%s ", physindev->name); 399 printk("PHYSIN=%s ", physindev->name);
400 physoutdev = skb->nf_bridge->physoutdev;
393 if (physoutdev && out != physoutdev) 401 if (physoutdev && out != physoutdev)
394 printk("PHYSOUT=%s ", physoutdev->name); 402 printk("PHYSOUT=%s ", physoutdev->name);
395 } 403 }
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index b5b216408ee7..846a0e727218 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -70,7 +70,7 @@ masquerade_target(struct sk_buff **pskb,
70 enum ip_conntrack_info ctinfo; 70 enum ip_conntrack_info ctinfo;
71 struct nf_nat_range newrange; 71 struct nf_nat_range newrange;
72 const struct nf_nat_multi_range_compat *mr; 72 const struct nf_nat_multi_range_compat *mr;
73 struct rtable *rt; 73 const struct rtable *rt;
74 __be32 newsrc; 74 __be32 newsrc;
75 75
76 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 76 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
@@ -112,7 +112,7 @@ masquerade_target(struct sk_buff **pskb,
112static inline int 112static inline int
113device_cmp(struct nf_conn *i, void *ifindex) 113device_cmp(struct nf_conn *i, void *ifindex)
114{ 114{
115 struct nf_conn_nat *nat = nfct_nat(i); 115 const struct nf_conn_nat *nat = nfct_nat(i);
116 int ret; 116 int ret;
117 117
118 if (!nat) 118 if (!nat)
@@ -129,7 +129,7 @@ static int masq_device_event(struct notifier_block *this,
129 unsigned long event, 129 unsigned long event,
130 void *ptr) 130 void *ptr)
131{ 131{
132 struct net_device *dev = ptr; 132 const struct net_device *dev = ptr;
133 133
134 if (event == NETDEV_DOWN) { 134 if (event == NETDEV_DOWN) {
135 /* Device was downed. Search entire table for 135 /* Device was downed. Search entire table for
@@ -147,7 +147,7 @@ static int masq_inet_event(struct notifier_block *this,
147 unsigned long event, 147 unsigned long event,
148 void *ptr) 148 void *ptr)
149{ 149{
150 struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; 150 const struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev;
151 151
152 if (event == NETDEV_DOWN) { 152 if (event == NETDEV_DOWN) {
153 /* IP address was deleted. Search entire table for 153 /* IP address was deleted. Search entire table for
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 5c3270d325f3..90f7b7093785 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -122,7 +122,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
122 tcph->check = 0; 122 tcph->check = 0;
123 tcph->check = tcp_v4_check(sizeof(struct tcphdr), 123 tcph->check = tcp_v4_check(sizeof(struct tcphdr),
124 niph->saddr, niph->daddr, 124 niph->saddr, niph->daddr,
125 csum_partial((char *)tcph, 125 csum_partial(tcph,
126 sizeof(struct tcphdr), 0)); 126 sizeof(struct tcphdr), 0));
127 127
128 /* Set DF, id = 0 */ 128 /* Set DF, id = 0 */
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 96b6e3514c22..f53f2c4ca4a1 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -68,7 +68,7 @@ static bool ipt_ttl_checkentry(const char *tablename,
68 void *targinfo, 68 void *targinfo,
69 unsigned int hook_mask) 69 unsigned int hook_mask)
70{ 70{
71 struct ipt_TTL_info *info = targinfo; 71 const struct ipt_TTL_info *info = targinfo;
72 72
73 if (info->mode > IPT_TTL_MAXMODE) { 73 if (info->mode > IPT_TTL_MAXMODE) {
74 printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", 74 printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index dfa7afd84763..282eb00fc471 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -334,7 +334,7 @@ static bool ipt_ulog_checkentry(const char *tablename,
334 void *targinfo, 334 void *targinfo,
335 unsigned int hookmask) 335 unsigned int hookmask)
336{ 336{
337 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; 337 const struct ipt_ulog_info *loginfo = targinfo;
338 338
339 if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { 339 if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
340 DEBUGP("ipt_ULOG: prefix term %i\n", 340 DEBUGP("ipt_ULOG: prefix term %i\n",
@@ -359,7 +359,7 @@ struct compat_ipt_ulog_info {
359 359
360static void compat_from_user(void *dst, void *src) 360static void compat_from_user(void *dst, void *src)
361{ 361{
362 struct compat_ipt_ulog_info *cl = src; 362 const struct compat_ipt_ulog_info *cl = src;
363 struct ipt_ulog_info l = { 363 struct ipt_ulog_info l = {
364 .nl_group = cl->nl_group, 364 .nl_group = cl->nl_group,
365 .copy_range = cl->copy_range, 365 .copy_range = cl->copy_range,
@@ -372,7 +372,7 @@ static void compat_from_user(void *dst, void *src)
372 372
373static int compat_to_user(void __user *dst, void *src) 373static int compat_to_user(void __user *dst, void *src)
374{ 374{
375 struct ipt_ulog_info *l = src; 375 const struct ipt_ulog_info *l = src;
376 struct compat_ipt_ulog_info cl = { 376 struct compat_ipt_ulog_info cl = {
377 .nl_group = l->nl_group, 377 .nl_group = l->nl_group,
378 .copy_range = l->copy_range, 378 .copy_range = l->copy_range,
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 6b5b7c9f7392..49d503cbab09 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -46,7 +46,8 @@ match(const struct sk_buff *skb,
46 unsigned int protoff, 46 unsigned int protoff,
47 bool *hotdrop) 47 bool *hotdrop)
48{ 48{
49 struct ip_auth_hdr _ahdr, *ah; 49 struct ip_auth_hdr _ahdr;
50 const struct ip_auth_hdr *ah;
50 const struct ipt_ah *ahinfo = matchinfo; 51 const struct ipt_ah *ahinfo = matchinfo;
51 52
52 /* Must not be a fragment. */ 53 /* Must not be a fragment. */
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index ba4f5497add3..3129e3106162 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -32,7 +32,8 @@ static inline bool match_tcp(const struct sk_buff *skb,
32 const struct ipt_ecn_info *einfo, 32 const struct ipt_ecn_info *einfo,
33 bool *hotdrop) 33 bool *hotdrop)
34{ 34{
35 struct tcphdr _tcph, *th; 35 struct tcphdr _tcph;
36 const struct tcphdr *th;
36 37
37 /* In practice, TCP match does this, so can't fail. But let's 38 /* In practice, TCP match does this, so can't fail. But let's
38 * be good citizens. 39 * be good citizens.
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index d632e0e6ef16..d03e6a6eb767 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -323,7 +323,7 @@ struct recent_iter_state {
323static void *recent_seq_start(struct seq_file *seq, loff_t *pos) 323static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
324{ 324{
325 struct recent_iter_state *st = seq->private; 325 struct recent_iter_state *st = seq->private;
326 struct recent_table *t = st->table; 326 const struct recent_table *t = st->table;
327 struct recent_entry *e; 327 struct recent_entry *e;
328 loff_t p = *pos; 328 loff_t p = *pos;
329 329
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index b1aa5983a95b..ef0a99e09fd1 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
190 tcph->check = 0; 190 tcph->check = 0;
191 tcph->check = tcp_v4_check(datalen, 191 tcph->check = tcp_v4_check(datalen,
192 iph->saddr, iph->daddr, 192 iph->saddr, iph->daddr,
193 csum_partial((char *)tcph, 193 csum_partial(tcph,
194 datalen, 0)); 194 datalen, 0));
195 } 195 }
196 } else 196 } else
@@ -278,7 +278,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
278 udph->check = 0; 278 udph->check = 0;
279 udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, 279 udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
280 datalen, IPPROTO_UDP, 280 datalen, IPPROTO_UDP,
281 csum_partial((char *)udph, 281 csum_partial(udph,
282 datalen, 0)); 282 datalen, 0));
283 if (!udph->check) 283 if (!udph->check)
284 udph->check = CSUM_MANGLED_0; 284 udph->check = CSUM_MANGLED_0;