Commit 3cf93c96 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy

[NETFILTER]: annotate xtables targets with const and remove casts

Signed-off-by: default avatarJan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent b9f61b16
...@@ -142,7 +142,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c, ...@@ -142,7 +142,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
} }
static struct clusterip_config * static struct clusterip_config *
clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip, clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip,
struct net_device *dev) struct net_device *dev)
{ {
struct clusterip_config *c; struct clusterip_config *c;
...@@ -416,7 +416,7 @@ clusterip_tg_check(const char *tablename, const void *e_void, ...@@ -416,7 +416,7 @@ clusterip_tg_check(const char *tablename, const void *e_void,
/* drop reference count of cluster config when rule is deleted */ /* drop reference count of cluster config when rule is deleted */
static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo) static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo)
{ {
struct ipt_clusterip_tgt_info *cipinfo = targinfo; const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
/* if no more entries are referencing the config, remove it /* if no more entries are referencing the config, remove it
* from the list and destroy the proc entry */ * from the list and destroy the proc entry */
...@@ -565,7 +565,7 @@ struct clusterip_seq_position { ...@@ -565,7 +565,7 @@ struct clusterip_seq_position {
static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
{ {
struct proc_dir_entry *pde = s->private; const struct proc_dir_entry *pde = s->private;
struct clusterip_config *c = pde->data; struct clusterip_config *c = pde->data;
unsigned int weight; unsigned int weight;
u_int32_t local_nodes; u_int32_t local_nodes;
...@@ -592,7 +592,7 @@ static void *clusterip_seq_start(struct seq_file *s, loff_t *pos) ...@@ -592,7 +592,7 @@ static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos) static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos)
{ {
struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v; struct clusterip_seq_position *idx = v;
*pos = ++idx->pos; *pos = ++idx->pos;
if (*pos >= idx->weight) { if (*pos >= idx->weight) {
...@@ -611,7 +611,7 @@ static void clusterip_seq_stop(struct seq_file *s, void *v) ...@@ -611,7 +611,7 @@ static void clusterip_seq_stop(struct seq_file *s, void *v)
static int clusterip_seq_show(struct seq_file *s, void *v) static int clusterip_seq_show(struct seq_file *s, void *v)
{ {
struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v; struct clusterip_seq_position *idx = v;
if (idx->pos != 0) if (idx->pos != 0)
seq_putc(s, ','); seq_putc(s, ',');
...@@ -667,7 +667,7 @@ static ssize_t clusterip_proc_write(struct file *file, const char __user *input, ...@@ -667,7 +667,7 @@ static ssize_t clusterip_proc_write(struct file *file, const char __user *input,
{ {
#define PROC_WRITELEN 10 #define PROC_WRITELEN 10
char buffer[PROC_WRITELEN+1]; char buffer[PROC_WRITELEN+1];
struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
struct clusterip_config *c = pde->data; struct clusterip_config *c = pde->data;
unsigned long nodenum; unsigned long nodenum;
......
...@@ -100,7 +100,7 @@ ecn_tg_check(const char *tablename, const void *e_void, ...@@ -100,7 +100,7 @@ ecn_tg_check(const char *tablename, const void *e_void,
const struct xt_target *target, void *targinfo, const struct xt_target *target, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; const struct ipt_ECN_info *einfo = targinfo;
const struct ipt_entry *e = e_void; const struct ipt_entry *e = e_void;
if (einfo->operation & IPT_ECN_OP_MASK) { if (einfo->operation & IPT_ECN_OP_MASK) {
......
...@@ -76,7 +76,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -76,7 +76,8 @@ static void dump_packet(const struct nf_loginfo *info,
if ((logflags & IPT_LOG_IPOPT) if ((logflags & IPT_LOG_IPOPT)
&& ih->ihl * 4 > sizeof(struct iphdr)) { && ih->ihl * 4 > sizeof(struct iphdr)) {
unsigned char _opt[4 * 15 - sizeof(struct iphdr)], *op; const unsigned char *op;
unsigned char _opt[4 * 15 - sizeof(struct iphdr)];
unsigned int i, optsize; unsigned int i, optsize;
optsize = ih->ihl * 4 - sizeof(struct iphdr); optsize = ih->ihl * 4 - sizeof(struct iphdr);
......
...@@ -35,8 +35,10 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv4"); ...@@ -35,8 +35,10 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv4");
static void send_reset(struct sk_buff *oldskb, int hook) static void send_reset(struct sk_buff *oldskb, int hook)
{ {
struct sk_buff *nskb; struct sk_buff *nskb;
struct iphdr *oiph, *niph; const struct iphdr *oiph;
struct tcphdr _otcph, *oth, *tcph; struct iphdr *niph;
const struct tcphdr *oth;
struct tcphdr _otcph, *tcph;
unsigned int addr_type; unsigned int addr_type;
/* IP header checks: fragment. */ /* IP header checks: fragment. */
......
...@@ -340,7 +340,7 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos) ...@@ -340,7 +340,7 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos) static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{ {
struct recent_iter_state *st = seq->private; struct recent_iter_state *st = seq->private;
struct recent_table *t = st->table; const struct recent_table *t = st->table;
struct recent_entry *e = v; struct recent_entry *e = v;
struct list_head *head = e->list.next; struct list_head *head = e->list.next;
...@@ -361,7 +361,7 @@ static void recent_seq_stop(struct seq_file *s, void *v) ...@@ -361,7 +361,7 @@ static void recent_seq_stop(struct seq_file *s, void *v)
static int recent_seq_show(struct seq_file *seq, void *v) static int recent_seq_show(struct seq_file *seq, void *v)
{ {
struct recent_entry *e = v; const struct recent_entry *e = v;
unsigned int i; unsigned int i;
i = (e->index - 1) % ip_pkt_list_tot; i = (e->index - 1) % ip_pkt_list_tot;
...@@ -396,7 +396,7 @@ static int recent_seq_open(struct inode *inode, struct file *file) ...@@ -396,7 +396,7 @@ static int recent_seq_open(struct inode *inode, struct file *file)
static ssize_t recent_proc_write(struct file *file, const char __user *input, static ssize_t recent_proc_write(struct file *file, const char __user *input,
size_t size, loff_t *loff) size_t size, loff_t *loff)
{ {
struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode); const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
struct recent_table *t = pde->data; struct recent_table *t = pde->data;
struct recent_entry *e; struct recent_entry *e;
char buf[sizeof("+255.255.255.255")], *c = buf; char buf[sizeof("+255.255.255.255")], *c = buf;
......
...@@ -143,7 +143,7 @@ static bool ipt_snat_checkentry(const char *tablename, ...@@ -143,7 +143,7 @@ static bool ipt_snat_checkentry(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct nf_nat_multi_range_compat *mr = targinfo; const struct nf_nat_multi_range_compat *mr = targinfo;
/* Must be a valid range */ /* Must be a valid range */
if (mr->rangesize != 1) { if (mr->rangesize != 1) {
...@@ -159,7 +159,7 @@ static bool ipt_dnat_checkentry(const char *tablename, ...@@ -159,7 +159,7 @@ static bool ipt_dnat_checkentry(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct nf_nat_multi_range_compat *mr = targinfo; const struct nf_nat_multi_range_compat *mr = targinfo;
/* Must be a valid range */ /* Must be a valid range */
if (mr->rangesize != 1) { if (mr->rangesize != 1) {
......
...@@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb) ...@@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb)
struct tcphdr otcph, *tcph; struct tcphdr otcph, *tcph;
unsigned int otcplen, hh_len; unsigned int otcplen, hh_len;
int tcphoff, needs_ack; int tcphoff, needs_ack;
struct ipv6hdr *oip6h = ipv6_hdr(oldskb), *ip6h; const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
struct ipv6hdr *ip6h;
struct dst_entry *dst = NULL; struct dst_entry *dst = NULL;
u8 proto; u8 proto;
struct flowi fl; struct flowi fl;
......
...@@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in, ...@@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in,
temp = 0; temp = 0;
while (ip6t_ext_hdr(nexthdr)) { while (ip6t_ext_hdr(nexthdr)) {
struct ipv6_opt_hdr _hdr, *hp; const struct ipv6_opt_hdr *hp;
struct ipv6_opt_hdr _hdr;
int hdrlen; int hdrlen;
/* Is there enough space for the next ext header? */ /* Is there enough space for the next ext header? */
......
...@@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in, ...@@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in,
!!(rtinfo->invflags & IP6T_RT_INV_TYP))); !!(rtinfo->invflags & IP6T_RT_INV_TYP)));
if (ret && (rtinfo->flags & IP6T_RT_RES)) { if (ret && (rtinfo->flags & IP6T_RT_RES)) {
u_int32_t *rp, _reserved; const u_int32_t *rp;
u_int32_t _reserved;
rp = skb_header_pointer(skb, rp = skb_header_pointer(skb,
ptr + offsetof(struct rt0_hdr, ptr + offsetof(struct rt0_hdr,
reserved), reserved),
......
...@@ -55,7 +55,7 @@ static void secmark_save(const struct sk_buff *skb) ...@@ -55,7 +55,7 @@ static void secmark_save(const struct sk_buff *skb)
static void secmark_restore(struct sk_buff *skb) static void secmark_restore(struct sk_buff *skb)
{ {
if (!skb->secmark) { if (!skb->secmark) {
struct nf_conn *ct; const struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
......
...@@ -96,7 +96,7 @@ xt_rateest_tg_checkentry(const char *tablename, ...@@ -96,7 +96,7 @@ xt_rateest_tg_checkentry(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_rateest_target_info *info = (void *)targinfo; struct xt_rateest_target_info *info = targinfo;
struct xt_rateest *est; struct xt_rateest *est;
struct { struct {
struct nlattr opt; struct nlattr opt;
......
...@@ -106,10 +106,10 @@ static int count_them(struct xt_connlimit_data *data, ...@@ -106,10 +106,10 @@ static int count_them(struct xt_connlimit_data *data,
const union nf_inet_addr *mask, const union nf_inet_addr *mask,
const struct xt_match *match) const struct xt_match *match)
{ {
struct nf_conntrack_tuple_hash *found; const struct nf_conntrack_tuple_hash *found;
struct xt_connlimit_conn *conn; struct xt_connlimit_conn *conn;
struct xt_connlimit_conn *tmp; struct xt_connlimit_conn *tmp;
struct nf_conn *found_ct; const struct nf_conn *found_ct;
struct list_head *hash; struct list_head *hash;
bool addit = true; bool addit = true;
int matches = 0; int matches = 0;
...@@ -256,7 +256,7 @@ connlimit_mt_check(const char *tablename, const void *ip, ...@@ -256,7 +256,7 @@ connlimit_mt_check(const char *tablename, const void *ip,
static void static void
connlimit_mt_destroy(const struct xt_match *match, void *matchinfo) connlimit_mt_destroy(const struct xt_match *match, void *matchinfo)
{ {
struct xt_connlimit_info *info = matchinfo; const struct xt_connlimit_info *info = matchinfo;
struct xt_connlimit_conn *conn; struct xt_connlimit_conn *conn;
struct xt_connlimit_conn *tmp; struct xt_connlimit_conn *tmp;
struct list_head *hash = info->data->iphash; struct list_head *hash = info->data->iphash;
......
...@@ -98,7 +98,8 @@ dccp_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -98,7 +98,8 @@ dccp_mt(const struct sk_buff *skb, const struct net_device *in,
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct xt_dccp_info *info = matchinfo; const struct xt_dccp_info *info = matchinfo;
struct dccp_hdr _dh, *dh; const struct dccp_hdr *dh;
struct dccp_hdr _dh;
if (offset) if (offset)
return false; return false;
......
...@@ -47,7 +47,8 @@ esp_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -47,7 +47,8 @@ esp_mt(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const struct xt_match *match, const struct net_device *out, const struct xt_match *match,
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
{ {
struct ip_esp_hdr _esp, *eh; const struct ip_esp_hdr *eh;
struct ip_esp_hdr _esp;
const struct xt_esp *espinfo = matchinfo; const struct xt_esp *espinfo = matchinfo;
/* Must not be a fragment. */ /* Must not be a fragment. */
......
...@@ -100,7 +100,8 @@ multiport_mt_v0(const struct sk_buff *skb, const struct net_device *in, ...@@ -100,7 +100,8 @@ multiport_mt_v0(const struct sk_buff *skb, const struct net_device *in,
const void *matchinfo, int offset, unsigned int protoff, const void *matchinfo, int offset, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
__be16 _ports[2], *pptr; const __be16 *pptr;
__be16 _ports[2];
const struct xt_multiport *multiinfo = matchinfo; const struct xt_multiport *multiinfo = matchinfo;
if (offset) if (offset)
...@@ -126,7 +127,8 @@ multiport_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -126,7 +127,8 @@ multiport_mt(const struct sk_buff *skb, const struct net_device *in,
const void *matchinfo, int offset, unsigned int protoff, const void *matchinfo, int offset, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
__be16 _ports[2], *pptr; const __be16 *pptr;
__be16 _ports[2];
const struct xt_multiport_v1 *multiinfo = matchinfo; const struct xt_multiport_v1 *multiinfo = matchinfo;
if (offset) if (offset)
......
...@@ -136,7 +136,7 @@ policy_mt_check(const char *tablename, const void *ip_void, ...@@ -136,7 +136,7 @@ policy_mt_check(const char *tablename, const void *ip_void,
const struct xt_match *match, void *matchinfo, const struct xt_match *match, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_policy_info *info = matchinfo; const struct xt_policy_info *info = matchinfo;
if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) { if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
printk(KERN_ERR "xt_policy: neither incoming nor " printk(KERN_ERR "xt_policy: neither incoming nor "
......
...@@ -86,7 +86,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename, ...@@ -86,7 +86,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename,
void *matchinfo, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_rateest_match_info *info = (void *)matchinfo; struct xt_rateest_match_info *info = matchinfo;
struct xt_rateest *est1, *est2; struct xt_rateest *est1, *est2;
if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS | if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS |
...@@ -130,7 +130,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename, ...@@ -130,7 +130,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename,
static void xt_rateest_mt_destroy(const struct xt_match *match, static void xt_rateest_mt_destroy(const struct xt_match *match,
void *matchinfo) void *matchinfo)
{ {
struct xt_rateest_match_info *info = (void *)matchinfo; struct xt_rateest_match_info *info = matchinfo;
xt_rateest_put(info->est1); xt_rateest_put(info->est1);
if (info->est2) if (info->est2)
......
...@@ -46,7 +46,8 @@ match_packet(const struct sk_buff *skb, ...@@ -46,7 +46,8 @@ match_packet(const struct sk_buff *skb,
bool *hotdrop) bool *hotdrop)
{ {
u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)]; u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
sctp_chunkhdr_t _sch, *sch; const sctp_chunkhdr_t *sch;
sctp_chunkhdr_t _sch;
int chunk_match_type = info->chunk_match_type; int chunk_match_type = info->chunk_match_type;
const struct xt_sctp_flag_info *flag_info = info->flag_info; const struct xt_sctp_flag_info *flag_info = info->flag_info;
int flag_count = info->flag_count; int flag_count = info->flag_count;
...@@ -121,7 +122,8 @@ sctp_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -121,7 +122,8 @@ sctp_mt(const struct sk_buff *skb, const struct net_device *in,
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
{ {
const struct xt_sctp_info *info = matchinfo; const struct xt_sctp_info *info = matchinfo;
sctp_sctphdr_t _sh, *sh; const sctp_sctphdr_t *sh;
sctp_sctphdr_t _sh;
if (offset) { if (offset) {
duprintf("Dropping non-first fragment.. FIXME\n"); duprintf("Dropping non-first fragment.. FIXME\n");
......
...@@ -31,9 +31,11 @@ tcpmss_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -31,9 +31,11 @@ tcpmss_mt(const struct sk_buff *skb, const struct net_device *in,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_tcpmss_match_info *info = matchinfo; const struct xt_tcpmss_match_info *info = matchinfo;
struct tcphdr _tcph, *th; const struct tcphdr *th;
struct tcphdr _tcph;
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
u8 _opt[15 * 4 - sizeof(_tcph)], *op; const u_int8_t *op;
u8 _opt[15 * 4 - sizeof(_tcph)];
unsigned int i, optlen; unsigned int i, optlen;
/* If we don't have the whole header, drop packet. */ /* If we don't have the whole header, drop packet. */
......
...@@ -42,7 +42,8 @@ tcp_find_option(u_int8_t option, ...@@ -42,7 +42,8 @@ tcp_find_option(u_int8_t option,
bool *hotdrop) bool *hotdrop)
{ {
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; const u_int8_t *op;
u_int8_t _opt[60 - sizeof(struct tcphdr)];
unsigned int i; unsigned int i;
duprintf("tcp_match: finding option\n"); duprintf("tcp_match: finding option\n");
...@@ -72,7 +73,8 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -72,7 +73,8 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const struct xt_match *match, const struct net_device *out, const struct xt_match *match,
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
{ {
struct tcphdr _tcph, *th; const struct tcphdr *th;
struct tcphdr _tcph;
const struct xt_tcp *tcpinfo = matchinfo; const struct xt_tcp *tcpinfo = matchinfo;
if (offset) { if (offset) {
...@@ -144,7 +146,8 @@ udp_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -144,7 +146,8 @@ udp_mt(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const struct xt_match *match, const struct net_device *out, const struct xt_match *match,
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
{ {
struct udphdr _udph, *uh; const struct udphdr *uh;
struct udphdr _udph;
const struct xt_udp *udpinfo = matchinfo; const struct xt_udp *udpinfo = matchinfo;
/* Must not be a fragment. */ /* Must not be a fragment. */
......
...@@ -223,7 +223,7 @@ time_mt_check(const char *tablename, const void *ip, ...@@ -223,7 +223,7 @@ time_mt_check(const char *tablename, const void *ip,
const struct xt_match *match, void *matchinfo, const struct xt_match *match, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_time_info *info = matchinfo; const struct xt_time_info *info = matchinfo;
if (info->daytime_start > XT_TIME_MAX_DAYTIME || if (info->daytime_start > XT_TIME_MAX_DAYTIME ||
info->daytime_stop > XT_TIME_MAX_DAYTIME) { info->daytime_stop > XT_TIME_MAX_DAYTIME) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment