diff options
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/ipt_CLUSTERIP.c | 11 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_LOG.c | 26 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_MASQUERADE.c | 8 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_REJECT.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_TTL.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ah.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ecn.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_recent.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_helper.c | 4 |
10 files changed, 39 insertions, 28 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index e82339a78c01..2de7ae0180aa 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -235,12 +235,13 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) | |||
235 | #endif | 235 | #endif |
236 | 236 | ||
237 | static inline u_int32_t | 237 | static inline u_int32_t |
238 | clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) | 238 | clusterip_hashfn(const struct sk_buff *skb, |
239 | const struct clusterip_config *config) | ||
239 | { | 240 | { |
240 | struct iphdr *iph = ip_hdr(skb); | 241 | const struct iphdr *iph = ip_hdr(skb); |
241 | unsigned long hashval; | 242 | unsigned long hashval; |
242 | u_int16_t sport, dport; | 243 | u_int16_t sport, dport; |
243 | u_int16_t *ports; | 244 | const u_int16_t *ports; |
244 | 245 | ||
245 | switch (iph->protocol) { | 246 | switch (iph->protocol) { |
246 | case IPPROTO_TCP: | 247 | case IPPROTO_TCP: |
@@ -249,7 +250,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) | |||
249 | case IPPROTO_SCTP: | 250 | case IPPROTO_SCTP: |
250 | case IPPROTO_DCCP: | 251 | case IPPROTO_DCCP: |
251 | case IPPROTO_ICMP: | 252 | case IPPROTO_ICMP: |
252 | ports = (void *)iph+iph->ihl*4; | 253 | ports = (const void *)iph+iph->ihl*4; |
253 | sport = ports[0]; | 254 | sport = ports[0]; |
254 | dport = ports[1]; | 255 | dport = ports[1]; |
255 | break; | 256 | break; |
@@ -289,7 +290,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) | |||
289 | } | 290 | } |
290 | 291 | ||
291 | static inline int | 292 | static inline int |
292 | clusterip_responsible(struct clusterip_config *config, u_int32_t hash) | 293 | clusterip_responsible(const struct clusterip_config *config, u_int32_t hash) |
293 | { | 294 | { |
294 | return test_bit(hash - 1, &config->local_nodes); | 295 | return test_bit(hash - 1, &config->local_nodes); |
295 | } | 296 | } |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index bbff6c352ef8..bcc43a625e72 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -41,7 +41,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
41 | const struct sk_buff *skb, | 41 | const struct sk_buff *skb, |
42 | unsigned int iphoff) | 42 | unsigned int iphoff) |
43 | { | 43 | { |
44 | struct iphdr _iph, *ih; | 44 | struct iphdr _iph; |
45 | const struct iphdr *ih; | ||
45 | unsigned int logflags; | 46 | unsigned int logflags; |
46 | 47 | ||
47 | if (info->type == NF_LOG_TYPE_LOG) | 48 | if (info->type == NF_LOG_TYPE_LOG) |
@@ -100,7 +101,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
100 | 101 | ||
101 | switch (ih->protocol) { | 102 | switch (ih->protocol) { |
102 | case IPPROTO_TCP: { | 103 | case IPPROTO_TCP: { |
103 | struct tcphdr _tcph, *th; | 104 | struct tcphdr _tcph; |
105 | const struct tcphdr *th; | ||
104 | 106 | ||
105 | /* Max length: 10 "PROTO=TCP " */ | 107 | /* Max length: 10 "PROTO=TCP " */ |
106 | printk("PROTO=TCP "); | 108 | printk("PROTO=TCP "); |
@@ -151,7 +153,7 @@ static void dump_packet(const struct nf_loginfo *info, | |||
151 | if ((logflags & IPT_LOG_TCPOPT) | 153 | if ((logflags & IPT_LOG_TCPOPT) |
152 | && th->doff * 4 > sizeof(struct tcphdr)) { | 154 | && th->doff * 4 > sizeof(struct tcphdr)) { |
153 | unsigned char _opt[4 * 15 - sizeof(struct tcphdr)]; | 155 | unsigned char _opt[4 * 15 - sizeof(struct tcphdr)]; |
154 | unsigned char *op; | 156 | const unsigned char *op; |
155 | unsigned int i, optsize; | 157 | unsigned int i, optsize; |
156 | 158 | ||
157 | optsize = th->doff * 4 - sizeof(struct tcphdr); | 159 | optsize = th->doff * 4 - sizeof(struct tcphdr); |
@@ -173,7 +175,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
173 | } | 175 | } |
174 | case IPPROTO_UDP: | 176 | case IPPROTO_UDP: |
175 | case IPPROTO_UDPLITE: { | 177 | case IPPROTO_UDPLITE: { |
176 | struct udphdr _udph, *uh; | 178 | struct udphdr _udph; |
179 | const struct udphdr *uh; | ||
177 | 180 | ||
178 | if (ih->protocol == IPPROTO_UDP) | 181 | if (ih->protocol == IPPROTO_UDP) |
179 | /* Max length: 10 "PROTO=UDP " */ | 182 | /* Max length: 10 "PROTO=UDP " */ |
@@ -200,7 +203,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
200 | break; | 203 | break; |
201 | } | 204 | } |
202 | case IPPROTO_ICMP: { | 205 | case IPPROTO_ICMP: { |
203 | struct icmphdr _icmph, *ich; | 206 | struct icmphdr _icmph; |
207 | const struct icmphdr *ich; | ||
204 | static const size_t required_len[NR_ICMP_TYPES+1] | 208 | static const size_t required_len[NR_ICMP_TYPES+1] |
205 | = { [ICMP_ECHOREPLY] = 4, | 209 | = { [ICMP_ECHOREPLY] = 4, |
206 | [ICMP_DEST_UNREACH] | 210 | [ICMP_DEST_UNREACH] |
@@ -285,7 +289,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
285 | } | 289 | } |
286 | /* Max Length */ | 290 | /* Max Length */ |
287 | case IPPROTO_AH: { | 291 | case IPPROTO_AH: { |
288 | struct ip_auth_hdr _ahdr, *ah; | 292 | struct ip_auth_hdr _ahdr; |
293 | const struct ip_auth_hdr *ah; | ||
289 | 294 | ||
290 | if (ntohs(ih->frag_off) & IP_OFFSET) | 295 | if (ntohs(ih->frag_off) & IP_OFFSET) |
291 | break; | 296 | break; |
@@ -307,7 +312,8 @@ static void dump_packet(const struct nf_loginfo *info, | |||
307 | break; | 312 | break; |
308 | } | 313 | } |
309 | case IPPROTO_ESP: { | 314 | case IPPROTO_ESP: { |
310 | struct ip_esp_hdr _esph, *eh; | 315 | struct ip_esp_hdr _esph; |
316 | const struct ip_esp_hdr *eh; | ||
311 | 317 | ||
312 | /* Max length: 10 "PROTO=ESP " */ | 318 | /* Max length: 10 "PROTO=ESP " */ |
313 | printk("PROTO=ESP "); | 319 | printk("PROTO=ESP "); |
@@ -385,11 +391,13 @@ ipt_log_packet(unsigned int pf, | |||
385 | out ? out->name : ""); | 391 | out ? out->name : ""); |
386 | #ifdef CONFIG_BRIDGE_NETFILTER | 392 | #ifdef CONFIG_BRIDGE_NETFILTER |
387 | if (skb->nf_bridge) { | 393 | if (skb->nf_bridge) { |
388 | struct net_device *physindev = skb->nf_bridge->physindev; | 394 | const struct net_device *physindev; |
389 | struct net_device *physoutdev = skb->nf_bridge->physoutdev; | 395 | const struct net_device *physoutdev; |
390 | 396 | ||
397 | physindev = skb->nf_bridge->physindev; | ||
391 | if (physindev && in != physindev) | 398 | if (physindev && in != physindev) |
392 | printk("PHYSIN=%s ", physindev->name); | 399 | printk("PHYSIN=%s ", physindev->name); |
400 | physoutdev = skb->nf_bridge->physoutdev; | ||
393 | if (physoutdev && out != physoutdev) | 401 | if (physoutdev && out != physoutdev) |
394 | printk("PHYSOUT=%s ", physoutdev->name); | 402 | printk("PHYSOUT=%s ", physoutdev->name); |
395 | } | 403 | } |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index b5b216408ee7..846a0e727218 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -70,7 +70,7 @@ masquerade_target(struct sk_buff **pskb, | |||
70 | enum ip_conntrack_info ctinfo; | 70 | enum ip_conntrack_info ctinfo; |
71 | struct nf_nat_range newrange; | 71 | struct nf_nat_range newrange; |
72 | const struct nf_nat_multi_range_compat *mr; | 72 | const struct nf_nat_multi_range_compat *mr; |
73 | struct rtable *rt; | 73 | const struct rtable *rt; |
74 | __be32 newsrc; | 74 | __be32 newsrc; |
75 | 75 | ||
76 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 76 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); |
@@ -112,7 +112,7 @@ masquerade_target(struct sk_buff **pskb, | |||
112 | static inline int | 112 | static inline int |
113 | device_cmp(struct nf_conn *i, void *ifindex) | 113 | device_cmp(struct nf_conn *i, void *ifindex) |
114 | { | 114 | { |
115 | struct nf_conn_nat *nat = nfct_nat(i); | 115 | const struct nf_conn_nat *nat = nfct_nat(i); |
116 | int ret; | 116 | int ret; |
117 | 117 | ||
118 | if (!nat) | 118 | if (!nat) |
@@ -129,7 +129,7 @@ static int masq_device_event(struct notifier_block *this, | |||
129 | unsigned long event, | 129 | unsigned long event, |
130 | void *ptr) | 130 | void *ptr) |
131 | { | 131 | { |
132 | struct net_device *dev = ptr; | 132 | const struct net_device *dev = ptr; |
133 | 133 | ||
134 | if (event == NETDEV_DOWN) { | 134 | if (event == NETDEV_DOWN) { |
135 | /* Device was downed. Search entire table for | 135 | /* Device was downed. Search entire table for |
@@ -147,7 +147,7 @@ static int masq_inet_event(struct notifier_block *this, | |||
147 | unsigned long event, | 147 | unsigned long event, |
148 | void *ptr) | 148 | void *ptr) |
149 | { | 149 | { |
150 | struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; | 150 | const struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; |
151 | 151 | ||
152 | if (event == NETDEV_DOWN) { | 152 | if (event == NETDEV_DOWN) { |
153 | /* IP address was deleted. Search entire table for | 153 | /* IP address was deleted. Search entire table for |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index 5c3270d325f3..90f7b7093785 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -122,7 +122,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
122 | tcph->check = 0; | 122 | tcph->check = 0; |
123 | tcph->check = tcp_v4_check(sizeof(struct tcphdr), | 123 | tcph->check = tcp_v4_check(sizeof(struct tcphdr), |
124 | niph->saddr, niph->daddr, | 124 | niph->saddr, niph->daddr, |
125 | csum_partial((char *)tcph, | 125 | csum_partial(tcph, |
126 | sizeof(struct tcphdr), 0)); | 126 | sizeof(struct tcphdr), 0)); |
127 | 127 | ||
128 | /* Set DF, id = 0 */ | 128 | /* Set DF, id = 0 */ |
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index 96b6e3514c22..f53f2c4ca4a1 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c | |||
@@ -68,7 +68,7 @@ static bool ipt_ttl_checkentry(const char *tablename, | |||
68 | void *targinfo, | 68 | void *targinfo, |
69 | unsigned int hook_mask) | 69 | unsigned int hook_mask) |
70 | { | 70 | { |
71 | struct ipt_TTL_info *info = targinfo; | 71 | const struct ipt_TTL_info *info = targinfo; |
72 | 72 | ||
73 | if (info->mode > IPT_TTL_MAXMODE) { | 73 | if (info->mode > IPT_TTL_MAXMODE) { |
74 | printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", | 74 | printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index dfa7afd84763..282eb00fc471 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -334,7 +334,7 @@ static bool ipt_ulog_checkentry(const char *tablename, | |||
334 | void *targinfo, | 334 | void *targinfo, |
335 | unsigned int hookmask) | 335 | unsigned int hookmask) |
336 | { | 336 | { |
337 | struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; | 337 | const struct ipt_ulog_info *loginfo = targinfo; |
338 | 338 | ||
339 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { | 339 | if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { |
340 | DEBUGP("ipt_ULOG: prefix term %i\n", | 340 | DEBUGP("ipt_ULOG: prefix term %i\n", |
@@ -359,7 +359,7 @@ struct compat_ipt_ulog_info { | |||
359 | 359 | ||
360 | static void compat_from_user(void *dst, void *src) | 360 | static void compat_from_user(void *dst, void *src) |
361 | { | 361 | { |
362 | struct compat_ipt_ulog_info *cl = src; | 362 | const struct compat_ipt_ulog_info *cl = src; |
363 | struct ipt_ulog_info l = { | 363 | struct ipt_ulog_info l = { |
364 | .nl_group = cl->nl_group, | 364 | .nl_group = cl->nl_group, |
365 | .copy_range = cl->copy_range, | 365 | .copy_range = cl->copy_range, |
@@ -372,7 +372,7 @@ static void compat_from_user(void *dst, void *src) | |||
372 | 372 | ||
373 | static int compat_to_user(void __user *dst, void *src) | 373 | static int compat_to_user(void __user *dst, void *src) |
374 | { | 374 | { |
375 | struct ipt_ulog_info *l = src; | 375 | const struct ipt_ulog_info *l = src; |
376 | struct compat_ipt_ulog_info cl = { | 376 | struct compat_ipt_ulog_info cl = { |
377 | .nl_group = l->nl_group, | 377 | .nl_group = l->nl_group, |
378 | .copy_range = l->copy_range, | 378 | .copy_range = l->copy_range, |
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c index 6b5b7c9f7392..49d503cbab09 100644 --- a/net/ipv4/netfilter/ipt_ah.c +++ b/net/ipv4/netfilter/ipt_ah.c | |||
@@ -46,7 +46,8 @@ match(const struct sk_buff *skb, | |||
46 | unsigned int protoff, | 46 | unsigned int protoff, |
47 | bool *hotdrop) | 47 | bool *hotdrop) |
48 | { | 48 | { |
49 | struct ip_auth_hdr _ahdr, *ah; | 49 | struct ip_auth_hdr _ahdr; |
50 | const struct ip_auth_hdr *ah; | ||
50 | const struct ipt_ah *ahinfo = matchinfo; | 51 | const struct ipt_ah *ahinfo = matchinfo; |
51 | 52 | ||
52 | /* Must not be a fragment. */ | 53 | /* Must not be a fragment. */ |
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index ba4f5497add3..3129e3106162 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c | |||
@@ -32,7 +32,8 @@ static inline bool match_tcp(const struct sk_buff *skb, | |||
32 | const struct ipt_ecn_info *einfo, | 32 | const struct ipt_ecn_info *einfo, |
33 | bool *hotdrop) | 33 | bool *hotdrop) |
34 | { | 34 | { |
35 | struct tcphdr _tcph, *th; | 35 | struct tcphdr _tcph; |
36 | const struct tcphdr *th; | ||
36 | 37 | ||
37 | /* In practice, TCP match does this, so can't fail. But let's | 38 | /* In practice, TCP match does this, so can't fail. But let's |
38 | * be good citizens. | 39 | * be good citizens. |
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index d632e0e6ef16..d03e6a6eb767 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c | |||
@@ -323,7 +323,7 @@ struct recent_iter_state { | |||
323 | static void *recent_seq_start(struct seq_file *seq, loff_t *pos) | 323 | static void *recent_seq_start(struct seq_file *seq, loff_t *pos) |
324 | { | 324 | { |
325 | struct recent_iter_state *st = seq->private; | 325 | struct recent_iter_state *st = seq->private; |
326 | struct recent_table *t = st->table; | 326 | const struct recent_table *t = st->table; |
327 | struct recent_entry *e; | 327 | struct recent_entry *e; |
328 | loff_t p = *pos; | 328 | loff_t p = *pos; |
329 | 329 | ||
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index b1aa5983a95b..ef0a99e09fd1 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
@@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
190 | tcph->check = 0; | 190 | tcph->check = 0; |
191 | tcph->check = tcp_v4_check(datalen, | 191 | tcph->check = tcp_v4_check(datalen, |
192 | iph->saddr, iph->daddr, | 192 | iph->saddr, iph->daddr, |
193 | csum_partial((char *)tcph, | 193 | csum_partial(tcph, |
194 | datalen, 0)); | 194 | datalen, 0)); |
195 | } | 195 | } |
196 | } else | 196 | } else |
@@ -278,7 +278,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
278 | udph->check = 0; | 278 | udph->check = 0; |
279 | udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, | 279 | udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, |
280 | datalen, IPPROTO_UDP, | 280 | datalen, IPPROTO_UDP, |
281 | csum_partial((char *)udph, | 281 | csum_partial(udph, |
282 | datalen, 0)); | 282 | datalen, 0)); |
283 | if (!udph->check) | 283 | if (!udph->check) |
284 | udph->check = CSUM_MANGLED_0; | 284 | udph->check = CSUM_MANGLED_0; |