[NETFILTER]: annotate xtables targets with const and remove casts
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
b9f61b1603
commit
3cf93c96af
@ -142,7 +142,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
|
||||
}
|
||||
|
||||
static struct clusterip_config *
|
||||
clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip,
|
||||
clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip,
|
||||
struct net_device *dev)
|
||||
{
|
||||
struct clusterip_config *c;
|
||||
@ -416,7 +416,7 @@ clusterip_tg_check(const char *tablename, const void *e_void,
|
||||
/* drop reference count of cluster config when rule is deleted */
|
||||
static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo)
|
||||
{
|
||||
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
|
||||
const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
|
||||
|
||||
/* if no more entries are referencing the config, remove it
|
||||
* from the list and destroy the proc entry */
|
||||
@ -565,7 +565,7 @@ struct clusterip_seq_position {
|
||||
|
||||
static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
|
||||
{
|
||||
struct proc_dir_entry *pde = s->private;
|
||||
const struct proc_dir_entry *pde = s->private;
|
||||
struct clusterip_config *c = pde->data;
|
||||
unsigned int weight;
|
||||
u_int32_t local_nodes;
|
||||
@ -592,7 +592,7 @@ static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
|
||||
|
||||
static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos)
|
||||
{
|
||||
struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v;
|
||||
struct clusterip_seq_position *idx = v;
|
||||
|
||||
*pos = ++idx->pos;
|
||||
if (*pos >= idx->weight) {
|
||||
@ -611,7 +611,7 @@ static void clusterip_seq_stop(struct seq_file *s, void *v)
|
||||
|
||||
static int clusterip_seq_show(struct seq_file *s, void *v)
|
||||
{
|
||||
struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v;
|
||||
struct clusterip_seq_position *idx = v;
|
||||
|
||||
if (idx->pos != 0)
|
||||
seq_putc(s, ',');
|
||||
@ -667,7 +667,7 @@ static ssize_t clusterip_proc_write(struct file *file, const char __user *input,
|
||||
{
|
||||
#define PROC_WRITELEN 10
|
||||
char buffer[PROC_WRITELEN+1];
|
||||
struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
||||
const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
||||
struct clusterip_config *c = pde->data;
|
||||
unsigned long nodenum;
|
||||
|
||||
|
@ -100,7 +100,7 @@ ecn_tg_check(const char *tablename, const void *e_void,
|
||||
const struct xt_target *target, void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
{
|
||||
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
|
||||
const struct ipt_ECN_info *einfo = targinfo;
|
||||
const struct ipt_entry *e = e_void;
|
||||
|
||||
if (einfo->operation & IPT_ECN_OP_MASK) {
|
||||
|
@ -76,7 +76,8 @@ static void dump_packet(const struct nf_loginfo *info,
|
||||
|
||||
if ((logflags & IPT_LOG_IPOPT)
|
||||
&& ih->ihl * 4 > sizeof(struct iphdr)) {
|
||||
unsigned char _opt[4 * 15 - sizeof(struct iphdr)], *op;
|
||||
const unsigned char *op;
|
||||
unsigned char _opt[4 * 15 - sizeof(struct iphdr)];
|
||||
unsigned int i, optsize;
|
||||
|
||||
optsize = ih->ihl * 4 - sizeof(struct iphdr);
|
||||
|
@ -35,8 +35,10 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv4");
|
||||
static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
{
|
||||
struct sk_buff *nskb;
|
||||
struct iphdr *oiph, *niph;
|
||||
struct tcphdr _otcph, *oth, *tcph;
|
||||
const struct iphdr *oiph;
|
||||
struct iphdr *niph;
|
||||
const struct tcphdr *oth;
|
||||
struct tcphdr _otcph, *tcph;
|
||||
unsigned int addr_type;
|
||||
|
||||
/* IP header checks: fragment. */
|
||||
|
@ -340,7 +340,7 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
|
||||
static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
||||
{
|
||||
struct recent_iter_state *st = seq->private;
|
||||
struct recent_table *t = st->table;
|
||||
const struct recent_table *t = st->table;
|
||||
struct recent_entry *e = v;
|
||||
struct list_head *head = e->list.next;
|
||||
|
||||
@ -361,7 +361,7 @@ static void recent_seq_stop(struct seq_file *s, void *v)
|
||||
|
||||
static int recent_seq_show(struct seq_file *seq, void *v)
|
||||
{
|
||||
struct recent_entry *e = v;
|
||||
const struct recent_entry *e = v;
|
||||
unsigned int i;
|
||||
|
||||
i = (e->index - 1) % ip_pkt_list_tot;
|
||||
@ -396,7 +396,7 @@ static int recent_seq_open(struct inode *inode, struct file *file)
|
||||
static ssize_t recent_proc_write(struct file *file, const char __user *input,
|
||||
size_t size, loff_t *loff)
|
||||
{
|
||||
struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
||||
const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
||||
struct recent_table *t = pde->data;
|
||||
struct recent_entry *e;
|
||||
char buf[sizeof("+255.255.255.255")], *c = buf;
|
||||
|
@ -143,7 +143,7 @@ static bool ipt_snat_checkentry(const char *tablename,
|
||||
void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
{
|
||||
struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
|
||||
/* Must be a valid range */
|
||||
if (mr->rangesize != 1) {
|
||||
@ -159,7 +159,7 @@ static bool ipt_dnat_checkentry(const char *tablename,
|
||||
void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
{
|
||||
struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||
|
||||
/* Must be a valid range */
|
||||
if (mr->rangesize != 1) {
|
||||
|
@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb)
|
||||
struct tcphdr otcph, *tcph;
|
||||
unsigned int otcplen, hh_len;
|
||||
int tcphoff, needs_ack;
|
||||
struct ipv6hdr *oip6h = ipv6_hdr(oldskb), *ip6h;
|
||||
const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
|
||||
struct ipv6hdr *ip6h;
|
||||
struct dst_entry *dst = NULL;
|
||||
u8 proto;
|
||||
struct flowi fl;
|
||||
|
@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in,
|
||||
temp = 0;
|
||||
|
||||
while (ip6t_ext_hdr(nexthdr)) {
|
||||
struct ipv6_opt_hdr _hdr, *hp;
|
||||
const struct ipv6_opt_hdr *hp;
|
||||
struct ipv6_opt_hdr _hdr;
|
||||
int hdrlen;
|
||||
|
||||
/* Is there enough space for the next ext header? */
|
||||
|
@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in,
|
||||
!!(rtinfo->invflags & IP6T_RT_INV_TYP)));
|
||||
|
||||
if (ret && (rtinfo->flags & IP6T_RT_RES)) {
|
||||
u_int32_t *rp, _reserved;
|
||||
const u_int32_t *rp;
|
||||
u_int32_t _reserved;
|
||||
rp = skb_header_pointer(skb,
|
||||
ptr + offsetof(struct rt0_hdr,
|
||||
reserved),
|
||||
|
@ -55,7 +55,7 @@ static void secmark_save(const struct sk_buff *skb)
|
||||
static void secmark_restore(struct sk_buff *skb)
|
||||
{
|
||||
if (!skb->secmark) {
|
||||
struct nf_conn *ct;
|
||||
const struct nf_conn *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
|
@ -96,7 +96,7 @@ xt_rateest_tg_checkentry(const char *tablename,
|
||||
void *targinfo,
|
||||
unsigned int hook_mask)
|
||||
{
|
||||
struct xt_rateest_target_info *info = (void *)targinfo;
|
||||
struct xt_rateest_target_info *info = targinfo;
|
||||
struct xt_rateest *est;
|
||||
struct {
|
||||
struct nlattr opt;
|
||||
|
@ -106,10 +106,10 @@ static int count_them(struct xt_connlimit_data *data,
|
||||
const union nf_inet_addr *mask,
|
||||
const struct xt_match *match)
|
||||
{
|
||||
struct nf_conntrack_tuple_hash *found;
|
||||
const struct nf_conntrack_tuple_hash *found;
|
||||
struct xt_connlimit_conn *conn;
|
||||
struct xt_connlimit_conn *tmp;
|
||||
struct nf_conn *found_ct;
|
||||
const struct nf_conn *found_ct;
|
||||
struct list_head *hash;
|
||||
bool addit = true;
|
||||
int matches = 0;
|
||||
@ -256,7 +256,7 @@ connlimit_mt_check(const char *tablename, const void *ip,
|
||||
static void
|
||||
connlimit_mt_destroy(const struct xt_match *match, void *matchinfo)
|
||||
{
|
||||
struct xt_connlimit_info *info = matchinfo;
|
||||
const struct xt_connlimit_info *info = matchinfo;
|
||||
struct xt_connlimit_conn *conn;
|
||||
struct xt_connlimit_conn *tmp;
|
||||
struct list_head *hash = info->data->iphash;
|
||||
|
@ -98,7 +98,8 @@ dccp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
{
|
||||
const struct xt_dccp_info *info = matchinfo;
|
||||
struct dccp_hdr _dh, *dh;
|
||||
const struct dccp_hdr *dh;
|
||||
struct dccp_hdr _dh;
|
||||
|
||||
if (offset)
|
||||
return false;
|
||||
|
@ -47,7 +47,8 @@ esp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
{
|
||||
struct ip_esp_hdr _esp, *eh;
|
||||
const struct ip_esp_hdr *eh;
|
||||
struct ip_esp_hdr _esp;
|
||||
const struct xt_esp *espinfo = matchinfo;
|
||||
|
||||
/* Must not be a fragment. */
|
||||
|
@ -100,7 +100,8 @@ multiport_mt_v0(const struct sk_buff *skb, const struct net_device *in,
|
||||
const void *matchinfo, int offset, unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
{
|
||||
__be16 _ports[2], *pptr;
|
||||
const __be16 *pptr;
|
||||
__be16 _ports[2];
|
||||
const struct xt_multiport *multiinfo = matchinfo;
|
||||
|
||||
if (offset)
|
||||
@ -126,7 +127,8 @@ multiport_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const void *matchinfo, int offset, unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
{
|
||||
__be16 _ports[2], *pptr;
|
||||
const __be16 *pptr;
|
||||
__be16 _ports[2];
|
||||
const struct xt_multiport_v1 *multiinfo = matchinfo;
|
||||
|
||||
if (offset)
|
||||
|
@ -136,7 +136,7 @@ policy_mt_check(const char *tablename, const void *ip_void,
|
||||
const struct xt_match *match, void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
{
|
||||
struct xt_policy_info *info = matchinfo;
|
||||
const struct xt_policy_info *info = matchinfo;
|
||||
|
||||
if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
|
||||
printk(KERN_ERR "xt_policy: neither incoming nor "
|
||||
|
@ -86,7 +86,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename,
|
||||
void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
{
|
||||
struct xt_rateest_match_info *info = (void *)matchinfo;
|
||||
struct xt_rateest_match_info *info = matchinfo;
|
||||
struct xt_rateest *est1, *est2;
|
||||
|
||||
if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS |
|
||||
@ -130,7 +130,7 @@ err1:
|
||||
static void xt_rateest_mt_destroy(const struct xt_match *match,
|
||||
void *matchinfo)
|
||||
{
|
||||
struct xt_rateest_match_info *info = (void *)matchinfo;
|
||||
struct xt_rateest_match_info *info = matchinfo;
|
||||
|
||||
xt_rateest_put(info->est1);
|
||||
if (info->est2)
|
||||
|
@ -46,7 +46,8 @@ match_packet(const struct sk_buff *skb,
|
||||
bool *hotdrop)
|
||||
{
|
||||
u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
|
||||
sctp_chunkhdr_t _sch, *sch;
|
||||
const sctp_chunkhdr_t *sch;
|
||||
sctp_chunkhdr_t _sch;
|
||||
int chunk_match_type = info->chunk_match_type;
|
||||
const struct xt_sctp_flag_info *flag_info = info->flag_info;
|
||||
int flag_count = info->flag_count;
|
||||
@ -121,7 +122,8 @@ sctp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
{
|
||||
const struct xt_sctp_info *info = matchinfo;
|
||||
sctp_sctphdr_t _sh, *sh;
|
||||
const sctp_sctphdr_t *sh;
|
||||
sctp_sctphdr_t _sh;
|
||||
|
||||
if (offset) {
|
||||
duprintf("Dropping non-first fragment.. FIXME\n");
|
||||
|
@ -31,9 +31,11 @@ tcpmss_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
bool *hotdrop)
|
||||
{
|
||||
const struct xt_tcpmss_match_info *info = matchinfo;
|
||||
struct tcphdr _tcph, *th;
|
||||
const struct tcphdr *th;
|
||||
struct tcphdr _tcph;
|
||||
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
|
||||
u8 _opt[15 * 4 - sizeof(_tcph)], *op;
|
||||
const u_int8_t *op;
|
||||
u8 _opt[15 * 4 - sizeof(_tcph)];
|
||||
unsigned int i, optlen;
|
||||
|
||||
/* If we don't have the whole header, drop packet. */
|
||||
|
@ -42,7 +42,8 @@ tcp_find_option(u_int8_t option,
|
||||
bool *hotdrop)
|
||||
{
|
||||
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
|
||||
u_int8_t _opt[60 - sizeof(struct tcphdr)], *op;
|
||||
const u_int8_t *op;
|
||||
u_int8_t _opt[60 - sizeof(struct tcphdr)];
|
||||
unsigned int i;
|
||||
|
||||
duprintf("tcp_match: finding option\n");
|
||||
@ -72,7 +73,8 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
{
|
||||
struct tcphdr _tcph, *th;
|
||||
const struct tcphdr *th;
|
||||
struct tcphdr _tcph;
|
||||
const struct xt_tcp *tcpinfo = matchinfo;
|
||||
|
||||
if (offset) {
|
||||
@ -144,7 +146,8 @@ udp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||
const struct net_device *out, const struct xt_match *match,
|
||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||
{
|
||||
struct udphdr _udph, *uh;
|
||||
const struct udphdr *uh;
|
||||
struct udphdr _udph;
|
||||
const struct xt_udp *udpinfo = matchinfo;
|
||||
|
||||
/* Must not be a fragment. */
|
||||
|
@ -223,7 +223,7 @@ time_mt_check(const char *tablename, const void *ip,
|
||||
const struct xt_match *match, void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
{
|
||||
struct xt_time_info *info = matchinfo;
|
||||
const struct xt_time_info *info = matchinfo;
|
||||
|
||||
if (info->daytime_start > XT_TIME_MAX_DAYTIME ||
|
||||
info->daytime_stop > XT_TIME_MAX_DAYTIME) {
|
||||
|
Loading…
Reference in New Issue
Block a user