Commit a47362a2 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by David S. Miller

[NETFILTER]: add some consts, remove some casts

Make a number of variables const and/or remove unneeded casts.
Signed-off-by: default avatarJan Engelhardt <jengelh@gmx.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e1931b78
...@@ -235,12 +235,13 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum) ...@@ -235,12 +235,13 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
#endif #endif
static inline u_int32_t static inline u_int32_t
clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) clusterip_hashfn(const struct sk_buff *skb,
const struct clusterip_config *config)
{ {
struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
unsigned long hashval; unsigned long hashval;
u_int16_t sport, dport; u_int16_t sport, dport;
u_int16_t *ports; const u_int16_t *ports;
switch (iph->protocol) { switch (iph->protocol) {
case IPPROTO_TCP: case IPPROTO_TCP:
...@@ -249,7 +250,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) ...@@ -249,7 +250,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
case IPPROTO_SCTP: case IPPROTO_SCTP:
case IPPROTO_DCCP: case IPPROTO_DCCP:
case IPPROTO_ICMP: case IPPROTO_ICMP:
ports = (void *)iph+iph->ihl*4; ports = (const void *)iph+iph->ihl*4;
sport = ports[0]; sport = ports[0];
dport = ports[1]; dport = ports[1];
break; break;
...@@ -289,7 +290,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) ...@@ -289,7 +290,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
} }
static inline int static inline int
clusterip_responsible(struct clusterip_config *config, u_int32_t hash) clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
{ {
return test_bit(hash - 1, &config->local_nodes); return test_bit(hash - 1, &config->local_nodes);
} }
......
...@@ -41,7 +41,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -41,7 +41,8 @@ static void dump_packet(const struct nf_loginfo *info,
const struct sk_buff *skb, const struct sk_buff *skb,
unsigned int iphoff) unsigned int iphoff)
{ {
struct iphdr _iph, *ih; struct iphdr _iph;
const struct iphdr *ih;
unsigned int logflags; unsigned int logflags;
if (info->type == NF_LOG_TYPE_LOG) if (info->type == NF_LOG_TYPE_LOG)
...@@ -100,7 +101,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -100,7 +101,8 @@ static void dump_packet(const struct nf_loginfo *info,
switch (ih->protocol) { switch (ih->protocol) {
case IPPROTO_TCP: { case IPPROTO_TCP: {
struct tcphdr _tcph, *th; struct tcphdr _tcph;
const struct tcphdr *th;
/* Max length: 10 "PROTO=TCP " */ /* Max length: 10 "PROTO=TCP " */
printk("PROTO=TCP "); printk("PROTO=TCP ");
...@@ -151,7 +153,7 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -151,7 +153,7 @@ static void dump_packet(const struct nf_loginfo *info,
if ((logflags & IPT_LOG_TCPOPT) if ((logflags & IPT_LOG_TCPOPT)
&& th->doff * 4 > sizeof(struct tcphdr)) { && th->doff * 4 > sizeof(struct tcphdr)) {
unsigned char _opt[4 * 15 - sizeof(struct tcphdr)]; unsigned char _opt[4 * 15 - sizeof(struct tcphdr)];
unsigned char *op; const unsigned char *op;
unsigned int i, optsize; unsigned int i, optsize;
optsize = th->doff * 4 - sizeof(struct tcphdr); optsize = th->doff * 4 - sizeof(struct tcphdr);
...@@ -173,7 +175,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -173,7 +175,8 @@ static void dump_packet(const struct nf_loginfo *info,
} }
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_UDPLITE: { case IPPROTO_UDPLITE: {
struct udphdr _udph, *uh; struct udphdr _udph;
const struct udphdr *uh;
if (ih->protocol == IPPROTO_UDP) if (ih->protocol == IPPROTO_UDP)
/* Max length: 10 "PROTO=UDP " */ /* Max length: 10 "PROTO=UDP " */
...@@ -200,7 +203,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -200,7 +203,8 @@ static void dump_packet(const struct nf_loginfo *info,
break; break;
} }
case IPPROTO_ICMP: { case IPPROTO_ICMP: {
struct icmphdr _icmph, *ich; struct icmphdr _icmph;
const struct icmphdr *ich;
static const size_t required_len[NR_ICMP_TYPES+1] static const size_t required_len[NR_ICMP_TYPES+1]
= { [ICMP_ECHOREPLY] = 4, = { [ICMP_ECHOREPLY] = 4,
[ICMP_DEST_UNREACH] [ICMP_DEST_UNREACH]
...@@ -285,7 +289,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -285,7 +289,8 @@ static void dump_packet(const struct nf_loginfo *info,
} }
/* Max Length */ /* Max Length */
case IPPROTO_AH: { case IPPROTO_AH: {
struct ip_auth_hdr _ahdr, *ah; struct ip_auth_hdr _ahdr;
const struct ip_auth_hdr *ah;
if (ntohs(ih->frag_off) & IP_OFFSET) if (ntohs(ih->frag_off) & IP_OFFSET)
break; break;
...@@ -307,7 +312,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -307,7 +312,8 @@ static void dump_packet(const struct nf_loginfo *info,
break; break;
} }
case IPPROTO_ESP: { case IPPROTO_ESP: {
struct ip_esp_hdr _esph, *eh; struct ip_esp_hdr _esph;
const struct ip_esp_hdr *eh;
/* Max length: 10 "PROTO=ESP " */ /* Max length: 10 "PROTO=ESP " */
printk("PROTO=ESP "); printk("PROTO=ESP ");
...@@ -385,11 +391,13 @@ ipt_log_packet(unsigned int pf, ...@@ -385,11 +391,13 @@ ipt_log_packet(unsigned int pf,
out ? out->name : ""); out ? out->name : "");
#ifdef CONFIG_BRIDGE_NETFILTER #ifdef CONFIG_BRIDGE_NETFILTER
if (skb->nf_bridge) { if (skb->nf_bridge) {
struct net_device *physindev = skb->nf_bridge->physindev; const struct net_device *physindev;
struct net_device *physoutdev = skb->nf_bridge->physoutdev; const struct net_device *physoutdev;
physindev = skb->nf_bridge->physindev;
if (physindev && in != physindev) if (physindev && in != physindev)
printk("PHYSIN=%s ", physindev->name); printk("PHYSIN=%s ", physindev->name);
physoutdev = skb->nf_bridge->physoutdev;
if (physoutdev && out != physoutdev) if (physoutdev && out != physoutdev)
printk("PHYSOUT=%s ", physoutdev->name); printk("PHYSOUT=%s ", physoutdev->name);
} }
......
...@@ -70,7 +70,7 @@ masquerade_target(struct sk_buff **pskb, ...@@ -70,7 +70,7 @@ masquerade_target(struct sk_buff **pskb,
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
struct nf_nat_range newrange; struct nf_nat_range newrange;
const struct nf_nat_multi_range_compat *mr; const struct nf_nat_multi_range_compat *mr;
struct rtable *rt; const struct rtable *rt;
__be32 newsrc; __be32 newsrc;
NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
...@@ -112,7 +112,7 @@ masquerade_target(struct sk_buff **pskb, ...@@ -112,7 +112,7 @@ masquerade_target(struct sk_buff **pskb,
static inline int static inline int
device_cmp(struct nf_conn *i, void *ifindex) device_cmp(struct nf_conn *i, void *ifindex)
{ {
struct nf_conn_nat *nat = nfct_nat(i); const struct nf_conn_nat *nat = nfct_nat(i);
int ret; int ret;
if (!nat) if (!nat)
...@@ -129,7 +129,7 @@ static int masq_device_event(struct notifier_block *this, ...@@ -129,7 +129,7 @@ static int masq_device_event(struct notifier_block *this,
unsigned long event, unsigned long event,
void *ptr) void *ptr)
{ {
struct net_device *dev = ptr; const struct net_device *dev = ptr;
if (event == NETDEV_DOWN) { if (event == NETDEV_DOWN) {
/* Device was downed. Search entire table for /* Device was downed. Search entire table for
...@@ -147,7 +147,7 @@ static int masq_inet_event(struct notifier_block *this, ...@@ -147,7 +147,7 @@ static int masq_inet_event(struct notifier_block *this,
unsigned long event, unsigned long event,
void *ptr) void *ptr)
{ {
struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev; const struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev;
if (event == NETDEV_DOWN) { if (event == NETDEV_DOWN) {
/* IP address was deleted. Search entire table for /* IP address was deleted. Search entire table for
......
...@@ -122,7 +122,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) ...@@ -122,7 +122,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
tcph->check = 0; tcph->check = 0;
tcph->check = tcp_v4_check(sizeof(struct tcphdr), tcph->check = tcp_v4_check(sizeof(struct tcphdr),
niph->saddr, niph->daddr, niph->saddr, niph->daddr,
csum_partial((char *)tcph, csum_partial(tcph,
sizeof(struct tcphdr), 0)); sizeof(struct tcphdr), 0));
/* Set DF, id = 0 */ /* Set DF, id = 0 */
......
...@@ -68,7 +68,7 @@ static bool ipt_ttl_checkentry(const char *tablename, ...@@ -68,7 +68,7 @@ static bool ipt_ttl_checkentry(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct ipt_TTL_info *info = targinfo; const struct ipt_TTL_info *info = targinfo;
if (info->mode > IPT_TTL_MAXMODE) { if (info->mode > IPT_TTL_MAXMODE) {
printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
......
...@@ -334,7 +334,7 @@ static bool ipt_ulog_checkentry(const char *tablename, ...@@ -334,7 +334,7 @@ static bool ipt_ulog_checkentry(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hookmask) unsigned int hookmask)
{ {
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; const struct ipt_ulog_info *loginfo = targinfo;
if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') { if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
DEBUGP("ipt_ULOG: prefix term %i\n", DEBUGP("ipt_ULOG: prefix term %i\n",
...@@ -359,7 +359,7 @@ struct compat_ipt_ulog_info { ...@@ -359,7 +359,7 @@ struct compat_ipt_ulog_info {
static void compat_from_user(void *dst, void *src) static void compat_from_user(void *dst, void *src)
{ {
struct compat_ipt_ulog_info *cl = src; const struct compat_ipt_ulog_info *cl = src;
struct ipt_ulog_info l = { struct ipt_ulog_info l = {
.nl_group = cl->nl_group, .nl_group = cl->nl_group,
.copy_range = cl->copy_range, .copy_range = cl->copy_range,
...@@ -372,7 +372,7 @@ static void compat_from_user(void *dst, void *src) ...@@ -372,7 +372,7 @@ static void compat_from_user(void *dst, void *src)
static int compat_to_user(void __user *dst, void *src) static int compat_to_user(void __user *dst, void *src)
{ {
struct ipt_ulog_info *l = src; const struct ipt_ulog_info *l = src;
struct compat_ipt_ulog_info cl = { struct compat_ipt_ulog_info cl = {
.nl_group = l->nl_group, .nl_group = l->nl_group,
.copy_range = l->copy_range, .copy_range = l->copy_range,
......
...@@ -46,7 +46,8 @@ match(const struct sk_buff *skb, ...@@ -46,7 +46,8 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct ip_auth_hdr _ahdr, *ah; struct ip_auth_hdr _ahdr;
const struct ip_auth_hdr *ah;
const struct ipt_ah *ahinfo = matchinfo; const struct ipt_ah *ahinfo = matchinfo;
/* Must not be a fragment. */ /* Must not be a fragment. */
......
...@@ -32,7 +32,8 @@ static inline bool match_tcp(const struct sk_buff *skb, ...@@ -32,7 +32,8 @@ static inline bool match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo, const struct ipt_ecn_info *einfo,
bool *hotdrop) bool *hotdrop)
{ {
struct tcphdr _tcph, *th; struct tcphdr _tcph;
const struct tcphdr *th;
/* In practice, TCP match does this, so can't fail. But let's /* In practice, TCP match does this, so can't fail. But let's
* be good citizens. * be good citizens.
......
...@@ -323,7 +323,7 @@ struct recent_iter_state { ...@@ -323,7 +323,7 @@ struct recent_iter_state {
static void *recent_seq_start(struct seq_file *seq, loff_t *pos) static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
{ {
struct recent_iter_state *st = seq->private; struct recent_iter_state *st = seq->private;
struct recent_table *t = st->table; const struct recent_table *t = st->table;
struct recent_entry *e; struct recent_entry *e;
loff_t p = *pos; loff_t p = *pos;
......
...@@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, ...@@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
tcph->check = 0; tcph->check = 0;
tcph->check = tcp_v4_check(datalen, tcph->check = tcp_v4_check(datalen,
iph->saddr, iph->daddr, iph->saddr, iph->daddr,
csum_partial((char *)tcph, csum_partial(tcph,
datalen, 0)); datalen, 0));
} }
} else } else
...@@ -278,7 +278,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, ...@@ -278,7 +278,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
udph->check = 0; udph->check = 0;
udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
datalen, IPPROTO_UDP, datalen, IPPROTO_UDP,
csum_partial((char *)udph, csum_partial(udph,
datalen, 0)); datalen, 0));
if (!udph->check) if (!udph->check)
udph->check = CSUM_MANGLED_0; udph->check = CSUM_MANGLED_0;
......
...@@ -64,7 +64,7 @@ static bool ip6t_hl_checkentry(const char *tablename, ...@@ -64,7 +64,7 @@ static bool ip6t_hl_checkentry(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct ip6t_HL_info *info = targinfo; const struct ip6t_HL_info *info = targinfo;
if (info->mode > IP6T_HL_MAXMODE) { if (info->mode > IP6T_HL_MAXMODE) {
printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n", printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
......
...@@ -48,7 +48,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -48,7 +48,8 @@ static void dump_packet(const struct nf_loginfo *info,
{ {
u_int8_t currenthdr; u_int8_t currenthdr;
int fragment; int fragment;
struct ipv6hdr _ip6h, *ih; struct ipv6hdr _ip6h;
const struct ipv6hdr *ih;
unsigned int ptr; unsigned int ptr;
unsigned int hdrlen = 0; unsigned int hdrlen = 0;
unsigned int logflags; unsigned int logflags;
...@@ -78,7 +79,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -78,7 +79,8 @@ static void dump_packet(const struct nf_loginfo *info,
ptr = ip6hoff + sizeof(struct ipv6hdr); ptr = ip6hoff + sizeof(struct ipv6hdr);
currenthdr = ih->nexthdr; currenthdr = ih->nexthdr;
while (currenthdr != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) { while (currenthdr != NEXTHDR_NONE && ip6t_ext_hdr(currenthdr)) {
struct ipv6_opt_hdr _hdr, *hp; struct ipv6_opt_hdr _hdr;
const struct ipv6_opt_hdr *hp;
hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr); hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
if (hp == NULL) { if (hp == NULL) {
...@@ -92,7 +94,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -92,7 +94,8 @@ static void dump_packet(const struct nf_loginfo *info,
switch (currenthdr) { switch (currenthdr) {
case IPPROTO_FRAGMENT: { case IPPROTO_FRAGMENT: {
struct frag_hdr _fhdr, *fh; struct frag_hdr _fhdr;
const struct frag_hdr *fh;
printk("FRAG:"); printk("FRAG:");
fh = skb_header_pointer(skb, ptr, sizeof(_fhdr), fh = skb_header_pointer(skb, ptr, sizeof(_fhdr),
...@@ -131,7 +134,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -131,7 +134,8 @@ static void dump_packet(const struct nf_loginfo *info,
/* Max Length */ /* Max Length */
case IPPROTO_AH: case IPPROTO_AH:
if (logflags & IP6T_LOG_IPOPT) { if (logflags & IP6T_LOG_IPOPT) {
struct ip_auth_hdr _ahdr, *ah; struct ip_auth_hdr _ahdr;
const struct ip_auth_hdr *ah;
/* Max length: 3 "AH " */ /* Max length: 3 "AH " */
printk("AH "); printk("AH ");
...@@ -162,7 +166,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -162,7 +166,8 @@ static void dump_packet(const struct nf_loginfo *info,
break; break;
case IPPROTO_ESP: case IPPROTO_ESP:
if (logflags & IP6T_LOG_IPOPT) { if (logflags & IP6T_LOG_IPOPT) {
struct ip_esp_hdr _esph, *eh; struct ip_esp_hdr _esph;
const struct ip_esp_hdr *eh;
/* Max length: 4 "ESP " */ /* Max length: 4 "ESP " */
printk("ESP "); printk("ESP ");
...@@ -202,7 +207,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -202,7 +207,8 @@ static void dump_packet(const struct nf_loginfo *info,
switch (currenthdr) { switch (currenthdr) {
case IPPROTO_TCP: { case IPPROTO_TCP: {
struct tcphdr _tcph, *th; struct tcphdr _tcph;
const struct tcphdr *th;
/* Max length: 10 "PROTO=TCP " */ /* Max length: 10 "PROTO=TCP " */
printk("PROTO=TCP "); printk("PROTO=TCP ");
...@@ -250,7 +256,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -250,7 +256,8 @@ static void dump_packet(const struct nf_loginfo *info,
if ((logflags & IP6T_LOG_TCPOPT) if ((logflags & IP6T_LOG_TCPOPT)
&& th->doff * 4 > sizeof(struct tcphdr)) { && th->doff * 4 > sizeof(struct tcphdr)) {
u_int8_t _opt[60 - sizeof(struct tcphdr)], *op; u_int8_t _opt[60 - sizeof(struct tcphdr)];
const u_int8_t *op;
unsigned int i; unsigned int i;
unsigned int optsize = th->doff * 4 unsigned int optsize = th->doff * 4
- sizeof(struct tcphdr); - sizeof(struct tcphdr);
...@@ -273,7 +280,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -273,7 +280,8 @@ static void dump_packet(const struct nf_loginfo *info,
} }
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_UDPLITE: { case IPPROTO_UDPLITE: {
struct udphdr _udph, *uh; struct udphdr _udph;
const struct udphdr *uh;
if (currenthdr == IPPROTO_UDP) if (currenthdr == IPPROTO_UDP)
/* Max length: 10 "PROTO=UDP " */ /* Max length: 10 "PROTO=UDP " */
...@@ -298,7 +306,8 @@ static void dump_packet(const struct nf_loginfo *info, ...@@ -298,7 +306,8 @@ static void dump_packet(const struct nf_loginfo *info,
break; break;
} }
case IPPROTO_ICMPV6: { case IPPROTO_ICMPV6: {
struct icmp6hdr _icmp6h, *ic; struct icmp6hdr _icmp6h;
const struct icmp6hdr *ic;
/* Max length: 13 "PROTO=ICMPv6 " */ /* Max length: 13 "PROTO=ICMPv6 " */
printk("PROTO=ICMPv6 "); printk("PROTO=ICMPv6 ");
......
...@@ -159,7 +159,7 @@ static void send_reset(struct sk_buff *oldskb) ...@@ -159,7 +159,7 @@ static void send_reset(struct sk_buff *oldskb)
tcph->check = csum_ipv6_magic(&ipv6_hdr(nskb)->saddr, tcph->check = csum_ipv6_magic(&ipv6_hdr(nskb)->saddr,
&ipv6_hdr(nskb)->daddr, &ipv6_hdr(nskb)->daddr,
sizeof(struct tcphdr), IPPROTO_TCP, sizeof(struct tcphdr), IPPROTO_TCP,
csum_partial((char *)tcph, csum_partial(tcph,
sizeof(struct tcphdr), 0)); sizeof(struct tcphdr), 0));
nf_ct_attach(nskb, oldskb); nf_ct_attach(nskb, oldskb);
......
...@@ -51,7 +51,8 @@ match(const struct sk_buff *skb, ...@@ -51,7 +51,8 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct ip_auth_hdr *ah, _ah; struct ip_auth_hdr _ah;
const struct ip_auth_hdr *ah;
const struct ip6t_ah *ahinfo = matchinfo; const struct ip6t_ah *ahinfo = matchinfo;
unsigned int ptr; unsigned int ptr;
unsigned int hdrlen = 0; unsigned int hdrlen = 0;
......
...@@ -50,7 +50,8 @@ match(const struct sk_buff *skb, ...@@ -50,7 +50,8 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct frag_hdr _frag, *fh; struct frag_hdr _frag;
const struct frag_hdr *fh;
const struct ip6t_frag *fraginfo = matchinfo; const struct ip6t_frag *fraginfo = matchinfo;
unsigned int ptr; unsigned int ptr;
int err; int err;
......
...@@ -57,14 +57,17 @@ match(const struct sk_buff *skb, ...@@ -57,14 +57,17 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct ipv6_opt_hdr _optsh, *oh; struct ipv6_opt_hdr _optsh;
const struct ipv6_opt_hdr *oh;
const struct ip6t_opts *optinfo = matchinfo; const struct ip6t_opts *optinfo = matchinfo;
unsigned int temp; unsigned int temp;
unsigned int ptr; unsigned int ptr;
unsigned int hdrlen = 0; unsigned int hdrlen = 0;
bool ret = false; bool ret = false;
u8 _opttype, *tp = NULL; u8 _opttype;
u8 _optlen, *lp = NULL; u8 _optlen;
const u_int8_t *tp = NULL;
const u_int8_t *lp = NULL;
unsigned int optlen; unsigned int optlen;
int err; int err;
......
...@@ -47,7 +47,8 @@ match(const struct sk_buff *skb, ...@@ -47,7 +47,8 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct ip6_mh _mh, *mh; struct ip6_mh _mh;
const struct ip6_mh *mh;
const struct ip6t_mh *mhinfo = matchinfo; const struct ip6t_mh *mhinfo = matchinfo;
/* Must not be a fragment. */ /* Must not be a fragment. */
......
...@@ -52,13 +52,15 @@ match(const struct sk_buff *skb, ...@@ -52,13 +52,15 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct ipv6_rt_hdr _route, *rh; struct ipv6_rt_hdr _route;
const struct ipv6_rt_hdr *rh;
const struct ip6t_rt *rtinfo = matchinfo; const struct ip6t_rt *rtinfo = matchinfo;
unsigned int temp; unsigned int temp;
unsigned int ptr; unsigned int ptr;
unsigned int hdrlen = 0; unsigned int hdrlen = 0;
bool ret = false; bool ret = false;
struct in6_addr *ap, _addr; struct in6_addr _addr;
const struct in6_addr *ap;
int err; int err;
err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL);
...@@ -100,9 +102,9 @@ match(const struct sk_buff *skb, ...@@ -100,9 +102,9 @@ match(const struct sk_buff *skb,
!!(rtinfo->invflags & IP6T_RT_INV_LEN)))); !!(rtinfo->invflags & IP6T_RT_INV_LEN))));
DEBUGP("res %02X %02X %02X ", DEBUGP("res %02X %02X %02X ",
(rtinfo->flags & IP6T_RT_RES), (rtinfo->flags & IP6T_RT_RES),
((struct rt0_hdr *)rh)->reserved, ((const struct rt0_hdr *)rh)->reserved,
!((rtinfo->flags & IP6T_RT_RES) && !((rtinfo->flags & IP6T_RT_RES) &&
(((struct rt0_hdr *)rh)->reserved))); (((const struct rt0_hdr *)rh)->reserved)));
ret = (rh != NULL) ret = (rh != NULL)
&& &&
......
...@@ -231,13 +231,13 @@ void nf_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, ...@@ -231,13 +231,13 @@ void nf_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
{ {
__be32 diff[] = { ~from, to }; __be32 diff[] = { ~from, to };
if (skb->ip_summed != CHECKSUM_PARTIAL) { if (skb->ip_summed != CHECKSUM_PARTIAL) {
*sum = csum_fold(csum_partial((char *)diff, sizeof(diff), *sum = csum_fold(csum_partial(diff, sizeof(diff),
~csum_unfold(*sum))); ~csum_unfold(*sum)));
if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr)
skb->csum = ~csum_partial((char *)diff, sizeof(diff), skb->csum = ~csum_partial(diff, sizeof(diff),
~skb->csum); ~skb->csum);
} else if (pseudohdr) } else if (pseudohdr)
*sum = ~csum_fold(csum_partial((char *)diff, sizeof(diff), *sum = ~csum_fold(csum_partial(diff, sizeof(diff),
csum_unfold(*sum))); csum_unfold(*sum)));
} }
EXPORT_SYMBOL(nf_proto_csum_replace4); EXPORT_SYMBOL(nf_proto_csum_replace4);
......
...@@ -83,7 +83,7 @@ checkentry(const char *tablename, ...@@ -83,7 +83,7 @@ checkentry(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_connmark_target_info *matchinfo = targinfo; const struct xt_connmark_target_info *matchinfo = targinfo;
if (nf_ct_l3proto_try_module_get(target->family) < 0) { if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for " printk(KERN_WARNING "can't load conntrack support for "
...@@ -121,7 +121,7 @@ struct compat_xt_connmark_target_info { ...@@ -121,7 +121,7 @@ struct compat_xt_connmark_target_info {
static void compat_from_user(void *dst, void *src) static void compat_from_user(void *dst, void *src)
{ {
struct compat_xt_connmark_target_info *cm = src; const struct compat_xt_connmark_target_info *cm = src;
struct xt_connmark_target_info m = { struct xt_connmark_target_info m = {
.mark = cm->mark, .mark = cm->mark,
.mask = cm->mask, .mask = cm->mask,
...@@ -132,7 +132,7 @@ static void compat_from_user(void *dst, void *src) ...@@ -132,7 +132,7 @@ static void compat_from_user(void *dst, void *src)
static int compat_to_user(void __user *dst, void *src) static int compat_to_user(void __user *dst, void *src)
{ {
struct xt_connmark_target_info *m = src; const struct xt_connmark_target_info *m = src;
struct compat_xt_connmark_target_info cm = { struct compat_xt_connmark_target_info cm = {
.mark = m->mark, .mark = m->mark,
.mask = m->mask, .mask = m->mask,
......
...@@ -33,7 +33,7 @@ MODULE_ALIAS("ip6t_CONNSECMARK"); ...@@ -33,7 +33,7 @@ MODULE_ALIAS("ip6t_CONNSECMARK");
* If the packet has a security mark and the connection does not, copy * If the packet has a security mark and the connection does not, copy
* the security mark from the packet to the connection. * the security mark from the packet to the connection.
*/ */
static void secmark_save(struct sk_buff *skb) static void secmark_save(const struct sk_buff *skb)
{ {
if (skb->secmark) { if (skb->secmark) {
struct nf_conn *ct; struct nf_conn *ct;
...@@ -89,7 +89,7 @@ static bool checkentry(const char *tablename, const void *entry, ...@@ -89,7 +89,7 @@ static bool checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo, const struct xt_target *target, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_connsecmark_target_info *info = targinfo; const struct xt_connsecmark_target_info *info = targinfo;
if (nf_ct_l3proto_try_module_get(target->family) < 0) { if (nf_ct_l3proto_try_module_get(target->family) < 0) {
printk(KERN_WARNING "can't load conntrack support for " printk(KERN_WARNING "can't load conntrack support for "
......
...@@ -72,7 +72,7 @@ checkentry_v0(const char *tablename, ...@@ -72,7 +72,7 @@ checkentry_v0(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_mark_target_info *markinfo = targinfo; const struct xt_mark_target_info *markinfo = targinfo;
if (markinfo->mark > 0xffffffff) { if (markinfo->mark > 0xffffffff) {
printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n"); printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
...@@ -88,7 +88,7 @@ checkentry_v1(const char *tablename, ...@@ -88,7 +88,7 @@ checkentry_v1(const char *tablename,
void *targinfo, void *targinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_mark_target_info_v1 *markinfo = targinfo; const struct xt_mark_target_info_v1 *markinfo = targinfo;
if (markinfo->mode != XT_MARK_SET if (markinfo->mode != XT_MARK_SET
&& markinfo->mode != XT_MARK_AND && markinfo->mode != XT_MARK_AND
...@@ -114,7 +114,7 @@ struct compat_xt_mark_target_info_v1 { ...@@ -114,7 +114,7 @@ struct compat_xt_mark_target_info_v1 {
static void compat_from_user_v1(void *dst, void *src) static void compat_from_user_v1(void *dst, void *src)
{ {
struct compat_xt_mark_target_info_v1 *cm = src; const struct compat_xt_mark_target_info_v1 *cm = src;
struct xt_mark_target_info_v1 m = { struct xt_mark_target_info_v1 m = {
.mark = cm->mark, .mark = cm->mark,
.mode = cm->mode, .mode = cm->mode,
...@@ -124,7 +124,7 @@ static void compat_from_user_v1(void *dst, void *src) ...@@ -124,7 +124,7 @@ static void compat_from_user_v1(void *dst, void *src)
static int compat_to_user_v1(void __user *dst, void *src) static int compat_to_user_v1(void __user *dst, void *src)
{ {
struct xt_mark_target_info_v1 *m = src; const struct xt_mark_target_info_v1 *m = src;
struct compat_xt_mark_target_info_v1 cm = { struct compat_xt_mark_target_info_v1 cm = {
.mark = m->mark, .mark = m->mark,
.mode = m->mode, .mode = m->mode,
......
...@@ -43,7 +43,7 @@ nflog_checkentry(const char *tablename, const void *entry, ...@@ -43,7 +43,7 @@ nflog_checkentry(const char *tablename, const void *entry,
const struct xt_target *target, void *targetinfo, const struct xt_target *target, void *targetinfo,
unsigned int hookmask) unsigned int hookmask)
{ {
struct xt_nflog_info *info = targetinfo; const struct xt_nflog_info *info = targetinfo;
if (info->flags & ~XT_NFLOG_MASK) if (info->flags & ~XT_NFLOG_MASK)
return false; return false;
......
...@@ -26,7 +26,7 @@ match(const struct sk_buff *skb, ...@@ -26,7 +26,7 @@ match(const struct sk_buff *skb,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_connbytes_info *sinfo = matchinfo; const struct xt_connbytes_info *sinfo = matchinfo;
struct nf_conn *ct; const struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
u_int64_t what = 0; /* initialize to make gcc happy */ u_int64_t what = 0; /* initialize to make gcc happy */
u_int64_t bytes = 0; u_int64_t bytes = 0;
......
...@@ -41,7 +41,7 @@ match(const struct sk_buff *skb, ...@@ -41,7 +41,7 @@ match(const struct sk_buff *skb,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_connmark_info *info = matchinfo; const struct xt_connmark_info *info = matchinfo;
struct nf_conn *ct; const struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
...@@ -58,7 +58,7 @@ checkentry(const char *tablename, ...@@ -58,7 +58,7 @@ checkentry(const char *tablename,
void *matchinfo, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_connmark_info *cm = matchinfo; const struct xt_connmark_info *cm = matchinfo;
if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) { if (cm->mark > 0xffffffff || cm->mask > 0xffffffff) {
printk(KERN_WARNING "connmark: only support 32bit mark\n"); printk(KERN_WARNING "connmark: only support 32bit mark\n");
...@@ -88,7 +88,7 @@ struct compat_xt_connmark_info { ...@@ -88,7 +88,7 @@ struct compat_xt_connmark_info {
static void compat_from_user(void *dst, void *src) static void compat_from_user(void *dst, void *src)
{ {
struct compat_xt_connmark_info *cm = src; const struct compat_xt_connmark_info *cm = src;
struct xt_connmark_info m = { struct xt_connmark_info m = {
.mark = cm->mark, .mark = cm->mark,
.mask = cm->mask, .mask = cm->mask,
...@@ -99,7 +99,7 @@ static void compat_from_user(void *dst, void *src) ...@@ -99,7 +99,7 @@ static void compat_from_user(void *dst, void *src)
static int compat_to_user(void __user *dst, void *src) static int compat_to_user(void __user *dst, void *src)
{ {
struct xt_connmark_info *m = src; const struct xt_connmark_info *m = src;
struct compat_xt_connmark_info cm = { struct compat_xt_connmark_info cm = {
.mark = m->mark, .mark = m->mark,
.mask = m->mask, .mask = m->mask,
......
...@@ -30,11 +30,11 @@ match(const struct sk_buff *skb, ...@@ -30,11 +30,11 @@ match(const struct sk_buff *skb,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_conntrack_info *sinfo = matchinfo; const struct xt_conntrack_info *sinfo = matchinfo;
struct nf_conn *ct; const struct nf_conn *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
unsigned int statebit; unsigned int statebit;
ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
#define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg)) #define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg))
...@@ -150,7 +150,7 @@ struct compat_xt_conntrack_info ...@@ -150,7 +150,7 @@ struct compat_xt_conntrack_info
static void compat_from_user(void *dst, void *src) static void compat_from_user(void *dst, void *src)
{ {
struct compat_xt_conntrack_info *cm = src; const struct compat_xt_conntrack_info *cm = src;
struct xt_conntrack_info m = { struct xt_conntrack_info m = {
.statemask = cm->statemask, .statemask = cm->statemask,
.statusmask = cm->statusmask, .statusmask = cm->statusmask,
...@@ -167,7 +167,7 @@ static void compat_from_user(void *dst, void *src) ...@@ -167,7 +167,7 @@ static void compat_from_user(void *dst, void *src)
static int compat_to_user(void __user *dst, void *src) static int compat_to_user(void __user *dst, void *src)
{ {
struct xt_conntrack_info *m = src; const struct xt_conntrack_info *m = src;
struct compat_xt_conntrack_info cm = { struct compat_xt_conntrack_info cm = {
.statemask = m->statemask, .statemask = m->statemask,
.statusmask = m->statusmask, .statusmask = m->statusmask,
......
...@@ -39,7 +39,7 @@ dccp_find_option(u_int8_t option, ...@@ -39,7 +39,7 @@ dccp_find_option(u_int8_t option,
bool *hotdrop) bool *hotdrop)
{ {
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
unsigned char *op; const unsigned char *op;
unsigned int optoff = __dccp_hdr_len(dh); unsigned int optoff = __dccp_hdr_len(dh);
unsigned int optlen = dh->dccph_doff*4 - __dccp_hdr_len(dh); unsigned int optlen = dh->dccph_doff*4 - __dccp_hdr_len(dh);
unsigned int i; unsigned int i;
......
...@@ -95,7 +95,7 @@ static HLIST_HEAD(hashlimit_htables); ...@@ -95,7 +95,7 @@ static HLIST_HEAD(hashlimit_htables);
static struct kmem_cache *hashlimit_cachep __read_mostly; static struct kmem_cache *hashlimit_cachep __read_mostly;
static inline bool dst_cmp(const struct dsthash_ent *ent, static inline bool dst_cmp(const struct dsthash_ent *ent,
struct dsthash_dst *b) const struct dsthash_dst *b)
{ {
return !memcmp(&ent->dst, b, sizeof(ent->dst)); return !memcmp(&ent->dst, b, sizeof(ent->dst));
} }
...@@ -107,7 +107,8 @@ hash_dst(const struct xt_hashlimit_htable *ht, const struct dsthash_dst *dst) ...@@ -107,7 +107,8 @@ hash_dst(const struct xt_hashlimit_htable *ht, const struct dsthash_dst *dst)
} }
static struct dsthash_ent * static struct dsthash_ent *
dsthash_find(const struct xt_hashlimit_htable *ht, struct dsthash_dst *dst) dsthash_find(const struct xt_hashlimit_htable *ht,
const struct dsthash_dst *dst)
{ {
struct dsthash_ent *ent; struct dsthash_ent *ent;
struct hlist_node *pos; struct hlist_node *pos;
...@@ -123,7 +124,8 @@ dsthash_find(const struct xt_hashlimit_htable *ht, struct dsthash_dst *dst) ...@@ -123,7 +124,8 @@ dsthash_find(const struct xt_hashlimit_htable *ht, struct dsthash_dst *dst)
/* allocate dsthash_ent, initialize dst, put in htable and lock it */ /* allocate dsthash_ent, initialize dst, put in htable and lock it */
static struct dsthash_ent * static struct dsthash_ent *
dsthash_alloc_init(struct xt_hashlimit_htable *ht, struct dsthash_dst *dst) dsthash_alloc_init(struct xt_hashlimit_htable *ht,
const struct dsthash_dst *dst)
{ {
struct dsthash_ent *ent; struct dsthash_ent *ent;
...@@ -228,19 +230,21 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family) ...@@ -228,19 +230,21 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family)
return 0; return 0;
} }
static bool select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) static bool select_all(const struct xt_hashlimit_htable *ht,
const struct dsthash_ent *he)
{ {
return 1; return 1;
} }
static bool select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he) static bool select_gc(const struct xt_hashlimit_htable *ht,
const struct dsthash_ent *he)
{ {
return (jiffies >= he->expires); return (jiffies >= he->expires);
} }
static void htable_selective_cleanup(struct xt_hashlimit_htable *ht, static void htable_selective_cleanup(struct xt_hashlimit_htable *ht,
bool (*select)(struct xt_hashlimit_htable *ht, bool (*select)(const struct xt_hashlimit_htable *ht,
struct dsthash_ent *he)) const struct dsthash_ent *he))
{ {
unsigned int i; unsigned int i;
...@@ -283,7 +287,8 @@ static void htable_destroy(struct xt_hashlimit_htable *hinfo) ...@@ -283,7 +287,8 @@ static void htable_destroy(struct xt_hashlimit_htable *hinfo)
vfree(hinfo); vfree(hinfo);
} }
static struct xt_hashlimit_htable *htable_find_get(char *name, int family) static struct xt_hashlimit_htable *htable_find_get(const char *name,
int family)
{ {
struct xt_hashlimit_htable *hinfo; struct xt_hashlimit_htable *hinfo;
struct hlist_node *pos; struct hlist_node *pos;
...@@ -368,7 +373,8 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now) ...@@ -368,7 +373,8 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now)
} }
static int static int
hashlimit_init_dst(struct xt_hashlimit_htable *hinfo, struct dsthash_dst *dst, hashlimit_init_dst(const struct xt_hashlimit_htable *hinfo,
struct dsthash_dst *dst,
const struct sk_buff *skb, unsigned int protoff) const struct sk_buff *skb, unsigned int protoff)
{ {
__be16 _ports[2], *ports; __be16 _ports[2], *ports;
...@@ -443,8 +449,8 @@ hashlimit_match(const struct sk_buff *skb, ...@@ -443,8 +449,8 @@ hashlimit_match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct xt_hashlimit_info *r = const struct xt_hashlimit_info *r =
((struct xt_hashlimit_info *)matchinfo)->u.master; ((const struct xt_hashlimit_info *)matchinfo)->u.master;
struct xt_hashlimit_htable *hinfo = r->hinfo; struct xt_hashlimit_htable *hinfo = r->hinfo;
unsigned long now = jiffies; unsigned long now = jiffies;
struct dsthash_ent *dh; struct dsthash_ent *dh;
...@@ -543,7 +549,7 @@ hashlimit_checkentry(const char *tablename, ...@@ -543,7 +549,7 @@ hashlimit_checkentry(const char *tablename,
static void static void
hashlimit_destroy(const struct xt_match *match, void *matchinfo) hashlimit_destroy(const struct xt_match *match, void *matchinfo)
{ {
struct xt_hashlimit_info *r = matchinfo; const struct xt_hashlimit_info *r = matchinfo;
htable_put(r->hinfo); htable_put(r->hinfo);
} }
......
...@@ -39,12 +39,12 @@ match(const struct sk_buff *skb, ...@@ -39,12 +39,12 @@ match(const struct sk_buff *skb,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_helper_info *info = matchinfo; const struct xt_helper_info *info = matchinfo;
struct nf_conn *ct; const struct nf_conn *ct;
struct nf_conn_help *master_help; const struct nf_conn_help *master_help;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
bool ret = info->invert; bool ret = info->invert;
ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
if (!ct) { if (!ct) {
DEBUGP("xt_helper: Eek! invalid conntrack?\n"); DEBUGP("xt_helper: Eek! invalid conntrack?\n");
return ret; return ret;
......
...@@ -67,7 +67,8 @@ ipt_limit_match(const struct sk_buff *skb, ...@@ -67,7 +67,8 @@ ipt_limit_match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
bool *hotdrop) bool *hotdrop)
{ {
struct xt_rateinfo *r = ((struct xt_rateinfo *)matchinfo)->master; struct xt_rateinfo *r =
((const struct xt_rateinfo *)matchinfo)->master;
unsigned long now = jiffies; unsigned long now = jiffies;
spin_lock_bh(&limit_lock); spin_lock_bh(&limit_lock);
...@@ -144,7 +145,7 @@ struct compat_xt_rateinfo { ...@@ -144,7 +145,7 @@ struct compat_xt_rateinfo {
* master pointer, which does not need to be preserved. */ * master pointer, which does not need to be preserved. */
static void compat_from_user(void *dst, void *src) static void compat_from_user(void *dst, void *src)
{ {
struct compat_xt_rateinfo *cm = src; const struct compat_xt_rateinfo *cm = src;
struct xt_rateinfo m = { struct xt_rateinfo m = {
.avg = cm->avg, .avg = cm->avg,
.burst = cm->burst, .burst = cm->burst,
...@@ -158,7 +159,7 @@ static void compat_from_user(void *dst, void *src) ...@@ -158,7 +159,7 @@ static void compat_from_user(void *dst, void *src)
static int compat_to_user(void __user *dst, void *src) static int compat_to_user(void __user *dst, void *src)
{ {
struct xt_rateinfo *m = src; const struct xt_rateinfo *m = src;
struct compat_xt_rateinfo cm = { struct compat_xt_rateinfo cm = {
.avg = m->avg, .avg = m->avg,
.burst = m->burst, .burst = m->burst,
......
...@@ -60,7 +60,7 @@ struct compat_xt_mark_info { ...@@ -60,7 +60,7 @@ struct compat_xt_mark_info {
static void compat_from_user(void *dst, void *src) static void compat_from_user(void *dst, void *src)
{ {
struct compat_xt_mark_info *cm = src; const struct compat_xt_mark_info *cm = src;
struct xt_mark_info m = { struct xt_mark_info m = {
.mark = cm->mark, .mark = cm->mark,
.mask = cm->mask, .mask = cm->mask,
...@@ -71,7 +71,7 @@ static void compat_from_user(void *dst, void *src) ...@@ -71,7 +71,7 @@ static void compat_from_user(void *dst, void *src)
static int compat_to_user(void __user *dst, void *src) static int compat_to_user(void __user *dst, void *src)
{ {
struct xt_mark_info *m = src; const struct xt_mark_info *m = src;
struct compat_xt_mark_info cm = { struct compat_xt_mark_info cm = {
.mark = m->mark, .mark = m->mark,
.mask = m->mask, .mask = m->mask,
......
...@@ -36,7 +36,7 @@ match(const struct sk_buff *skb, ...@@ -36,7 +36,7 @@ match(const struct sk_buff *skb,
const struct xt_physdev_info *info = matchinfo; const struct xt_physdev_info *info = matchinfo;
bool ret; bool ret;
const char *indev, *outdev; const char *indev, *outdev;
struct nf_bridge_info *nf_bridge; const struct nf_bridge_info *nf_bridge;
/* Not a bridged IP packet or no info available yet: /* Not a bridged IP packet or no info available yet:
* LOCAL_OUT/mangle and LOCAL_OUT/nat don't know if * LOCAL_OUT/mangle and LOCAL_OUT/nat don't know if
......
...@@ -34,7 +34,7 @@ xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m, ...@@ -34,7 +34,7 @@ xt_addr_cmp(const union xt_policy_addr *a1, const union xt_policy_addr *m,
} }
static inline bool static inline bool
match_xfrm_state(struct xfrm_state *x, const struct xt_policy_elem *e, match_xfrm_state(const struct xfrm_state *x, const struct xt_policy_elem *e,
unsigned short family) unsigned short family)
{ {
#define MATCH_ADDR(x,y,z) (!e->match.x || \ #define MATCH_ADDR(x,y,z) (!e->match.x || \
...@@ -55,7 +55,7 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info, ...@@ -55,7 +55,7 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
unsigned short family) unsigned short family)
{ {
const struct xt_policy_elem *e; const struct xt_policy_elem *e;
struct sec_path *sp = skb->sp; const struct sec_path *sp = skb->sp;
int strict = info->flags & XT_POLICY_MATCH_STRICT; int strict = info->flags & XT_POLICY_MATCH_STRICT;
int i, pos; int i, pos;
...@@ -85,7 +85,7 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info, ...@@ -85,7 +85,7 @@ match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info,
unsigned short family) unsigned short family)
{ {
const struct xt_policy_elem *e; const struct xt_policy_elem *e;
struct dst_entry *dst = skb->dst; const struct dst_entry *dst = skb->dst;
int strict = info->flags & XT_POLICY_MATCH_STRICT; int strict = info->flags & XT_POLICY_MATCH_STRICT;
int i, pos; int i, pos;
......
...@@ -22,7 +22,8 @@ match(const struct sk_buff *skb, ...@@ -22,7 +22,8 @@ match(const struct sk_buff *skb,
const struct xt_match *match, const void *matchinfo, const struct xt_match *match, const void *matchinfo,
int offset, unsigned int protoff, bool *hotdrop) int offset, unsigned int protoff, bool *hotdrop)
{ {
struct xt_quota_info *q = ((struct xt_quota_info *)matchinfo)->master; struct xt_quota_info *q =
((const struct xt_quota_info *)matchinfo)->master;
bool ret = q->flags & XT_QUOTA_INVERT; bool ret = q->flags & XT_QUOTA_INVERT;
spin_lock_bh(&quota_lock); spin_lock_bh(&quota_lock);
...@@ -43,7 +44,7 @@ checkentry(const char *tablename, const void *entry, ...@@ -43,7 +44,7 @@ checkentry(const char *tablename, const void *entry,
const struct xt_match *match, void *matchinfo, const struct xt_match *match, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_quota_info *q = (struct xt_quota_info *)matchinfo; struct xt_quota_info *q = matchinfo;
if (q->flags & ~XT_QUOTA_MASK) if (q->flags & ~XT_QUOTA_MASK)
return false; return false;
......
...@@ -32,7 +32,7 @@ match(const struct sk_buff *skb, ...@@ -32,7 +32,7 @@ match(const struct sk_buff *skb,
bool *hotdrop) bool *hotdrop)
{ {
const struct xt_realm_info *info = matchinfo; const struct xt_realm_info *info = matchinfo;
struct dst_entry *dst = skb->dst; const struct dst_entry *dst = skb->dst;
return (info->id == (dst->tclassid & info->mask)) ^ info->invert; return (info->id == (dst->tclassid & info->mask)) ^ info->invert;
} }
......
...@@ -57,7 +57,7 @@ checkentry(const char *tablename, const void *entry, ...@@ -57,7 +57,7 @@ checkentry(const char *tablename, const void *entry,
const struct xt_match *match, void *matchinfo, const struct xt_match *match, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo; struct xt_statistic_info *info = matchinfo;
if (info->mode > XT_STATISTIC_MODE_MAX || if (info->mode > XT_STATISTIC_MODE_MAX ||
info->flags & ~XT_STATISTIC_MASK) info->flags & ~XT_STATISTIC_MASK)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment