[NETFILTER]: annotate xtables targets with const and remove casts
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>hifive-unleashed-5.1
parent
b9f61b1603
commit
3cf93c96af
|
@ -142,7 +142,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct clusterip_config *
|
static struct clusterip_config *
|
||||||
clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip,
|
clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip,
|
||||||
struct net_device *dev)
|
struct net_device *dev)
|
||||||
{
|
{
|
||||||
struct clusterip_config *c;
|
struct clusterip_config *c;
|
||||||
|
@ -416,7 +416,7 @@ clusterip_tg_check(const char *tablename, const void *e_void,
|
||||||
/* drop reference count of cluster config when rule is deleted */
|
/* drop reference count of cluster config when rule is deleted */
|
||||||
static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo)
|
static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo)
|
||||||
{
|
{
|
||||||
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
|
const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
|
||||||
|
|
||||||
/* if no more entries are referencing the config, remove it
|
/* if no more entries are referencing the config, remove it
|
||||||
* from the list and destroy the proc entry */
|
* from the list and destroy the proc entry */
|
||||||
|
@ -565,7 +565,7 @@ struct clusterip_seq_position {
|
||||||
|
|
||||||
static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
|
static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
|
||||||
{
|
{
|
||||||
struct proc_dir_entry *pde = s->private;
|
const struct proc_dir_entry *pde = s->private;
|
||||||
struct clusterip_config *c = pde->data;
|
struct clusterip_config *c = pde->data;
|
||||||
unsigned int weight;
|
unsigned int weight;
|
||||||
u_int32_t local_nodes;
|
u_int32_t local_nodes;
|
||||||
|
@ -592,7 +592,7 @@ static void *clusterip_seq_start(struct seq_file *s, loff_t *pos)
|
||||||
|
|
||||||
static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos)
|
static void *clusterip_seq_next(struct seq_file *s, void *v, loff_t *pos)
|
||||||
{
|
{
|
||||||
struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v;
|
struct clusterip_seq_position *idx = v;
|
||||||
|
|
||||||
*pos = ++idx->pos;
|
*pos = ++idx->pos;
|
||||||
if (*pos >= idx->weight) {
|
if (*pos >= idx->weight) {
|
||||||
|
@ -611,7 +611,7 @@ static void clusterip_seq_stop(struct seq_file *s, void *v)
|
||||||
|
|
||||||
static int clusterip_seq_show(struct seq_file *s, void *v)
|
static int clusterip_seq_show(struct seq_file *s, void *v)
|
||||||
{
|
{
|
||||||
struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v;
|
struct clusterip_seq_position *idx = v;
|
||||||
|
|
||||||
if (idx->pos != 0)
|
if (idx->pos != 0)
|
||||||
seq_putc(s, ',');
|
seq_putc(s, ',');
|
||||||
|
@ -667,7 +667,7 @@ static ssize_t clusterip_proc_write(struct file *file, const char __user *input,
|
||||||
{
|
{
|
||||||
#define PROC_WRITELEN 10
|
#define PROC_WRITELEN 10
|
||||||
char buffer[PROC_WRITELEN+1];
|
char buffer[PROC_WRITELEN+1];
|
||||||
struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
||||||
struct clusterip_config *c = pde->data;
|
struct clusterip_config *c = pde->data;
|
||||||
unsigned long nodenum;
|
unsigned long nodenum;
|
||||||
|
|
||||||
|
|
|
@ -100,7 +100,7 @@ ecn_tg_check(const char *tablename, const void *e_void,
|
||||||
const struct xt_target *target, void *targinfo,
|
const struct xt_target *target, void *targinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
|
const struct ipt_ECN_info *einfo = targinfo;
|
||||||
const struct ipt_entry *e = e_void;
|
const struct ipt_entry *e = e_void;
|
||||||
|
|
||||||
if (einfo->operation & IPT_ECN_OP_MASK) {
|
if (einfo->operation & IPT_ECN_OP_MASK) {
|
||||||
|
|
|
@ -76,7 +76,8 @@ static void dump_packet(const struct nf_loginfo *info,
|
||||||
|
|
||||||
if ((logflags & IPT_LOG_IPOPT)
|
if ((logflags & IPT_LOG_IPOPT)
|
||||||
&& ih->ihl * 4 > sizeof(struct iphdr)) {
|
&& ih->ihl * 4 > sizeof(struct iphdr)) {
|
||||||
unsigned char _opt[4 * 15 - sizeof(struct iphdr)], *op;
|
const unsigned char *op;
|
||||||
|
unsigned char _opt[4 * 15 - sizeof(struct iphdr)];
|
||||||
unsigned int i, optsize;
|
unsigned int i, optsize;
|
||||||
|
|
||||||
optsize = ih->ihl * 4 - sizeof(struct iphdr);
|
optsize = ih->ihl * 4 - sizeof(struct iphdr);
|
||||||
|
|
|
@ -35,8 +35,10 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv4");
|
||||||
static void send_reset(struct sk_buff *oldskb, int hook)
|
static void send_reset(struct sk_buff *oldskb, int hook)
|
||||||
{
|
{
|
||||||
struct sk_buff *nskb;
|
struct sk_buff *nskb;
|
||||||
struct iphdr *oiph, *niph;
|
const struct iphdr *oiph;
|
||||||
struct tcphdr _otcph, *oth, *tcph;
|
struct iphdr *niph;
|
||||||
|
const struct tcphdr *oth;
|
||||||
|
struct tcphdr _otcph, *tcph;
|
||||||
unsigned int addr_type;
|
unsigned int addr_type;
|
||||||
|
|
||||||
/* IP header checks: fragment. */
|
/* IP header checks: fragment. */
|
||||||
|
|
|
@ -340,7 +340,7 @@ static void *recent_seq_start(struct seq_file *seq, loff_t *pos)
|
||||||
static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
static void *recent_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
||||||
{
|
{
|
||||||
struct recent_iter_state *st = seq->private;
|
struct recent_iter_state *st = seq->private;
|
||||||
struct recent_table *t = st->table;
|
const struct recent_table *t = st->table;
|
||||||
struct recent_entry *e = v;
|
struct recent_entry *e = v;
|
||||||
struct list_head *head = e->list.next;
|
struct list_head *head = e->list.next;
|
||||||
|
|
||||||
|
@ -361,7 +361,7 @@ static void recent_seq_stop(struct seq_file *s, void *v)
|
||||||
|
|
||||||
static int recent_seq_show(struct seq_file *seq, void *v)
|
static int recent_seq_show(struct seq_file *seq, void *v)
|
||||||
{
|
{
|
||||||
struct recent_entry *e = v;
|
const struct recent_entry *e = v;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
i = (e->index - 1) % ip_pkt_list_tot;
|
i = (e->index - 1) % ip_pkt_list_tot;
|
||||||
|
@ -396,7 +396,7 @@ static int recent_seq_open(struct inode *inode, struct file *file)
|
||||||
static ssize_t recent_proc_write(struct file *file, const char __user *input,
|
static ssize_t recent_proc_write(struct file *file, const char __user *input,
|
||||||
size_t size, loff_t *loff)
|
size_t size, loff_t *loff)
|
||||||
{
|
{
|
||||||
struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
const struct proc_dir_entry *pde = PDE(file->f_path.dentry->d_inode);
|
||||||
struct recent_table *t = pde->data;
|
struct recent_table *t = pde->data;
|
||||||
struct recent_entry *e;
|
struct recent_entry *e;
|
||||||
char buf[sizeof("+255.255.255.255")], *c = buf;
|
char buf[sizeof("+255.255.255.255")], *c = buf;
|
||||||
|
|
|
@ -143,7 +143,7 @@ static bool ipt_snat_checkentry(const char *tablename,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
struct nf_nat_multi_range_compat *mr = targinfo;
|
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||||
|
|
||||||
/* Must be a valid range */
|
/* Must be a valid range */
|
||||||
if (mr->rangesize != 1) {
|
if (mr->rangesize != 1) {
|
||||||
|
@ -159,7 +159,7 @@ static bool ipt_dnat_checkentry(const char *tablename,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
struct nf_nat_multi_range_compat *mr = targinfo;
|
const struct nf_nat_multi_range_compat *mr = targinfo;
|
||||||
|
|
||||||
/* Must be a valid range */
|
/* Must be a valid range */
|
||||||
if (mr->rangesize != 1) {
|
if (mr->rangesize != 1) {
|
||||||
|
|
|
@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb)
|
||||||
struct tcphdr otcph, *tcph;
|
struct tcphdr otcph, *tcph;
|
||||||
unsigned int otcplen, hh_len;
|
unsigned int otcplen, hh_len;
|
||||||
int tcphoff, needs_ack;
|
int tcphoff, needs_ack;
|
||||||
struct ipv6hdr *oip6h = ipv6_hdr(oldskb), *ip6h;
|
const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
|
||||||
|
struct ipv6hdr *ip6h;
|
||||||
struct dst_entry *dst = NULL;
|
struct dst_entry *dst = NULL;
|
||||||
u8 proto;
|
u8 proto;
|
||||||
struct flowi fl;
|
struct flowi fl;
|
||||||
|
|
|
@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in,
|
||||||
temp = 0;
|
temp = 0;
|
||||||
|
|
||||||
while (ip6t_ext_hdr(nexthdr)) {
|
while (ip6t_ext_hdr(nexthdr)) {
|
||||||
struct ipv6_opt_hdr _hdr, *hp;
|
const struct ipv6_opt_hdr *hp;
|
||||||
|
struct ipv6_opt_hdr _hdr;
|
||||||
int hdrlen;
|
int hdrlen;
|
||||||
|
|
||||||
/* Is there enough space for the next ext header? */
|
/* Is there enough space for the next ext header? */
|
||||||
|
|
|
@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in,
|
||||||
!!(rtinfo->invflags & IP6T_RT_INV_TYP)));
|
!!(rtinfo->invflags & IP6T_RT_INV_TYP)));
|
||||||
|
|
||||||
if (ret && (rtinfo->flags & IP6T_RT_RES)) {
|
if (ret && (rtinfo->flags & IP6T_RT_RES)) {
|
||||||
u_int32_t *rp, _reserved;
|
const u_int32_t *rp;
|
||||||
|
u_int32_t _reserved;
|
||||||
rp = skb_header_pointer(skb,
|
rp = skb_header_pointer(skb,
|
||||||
ptr + offsetof(struct rt0_hdr,
|
ptr + offsetof(struct rt0_hdr,
|
||||||
reserved),
|
reserved),
|
||||||
|
|
|
@ -55,7 +55,7 @@ static void secmark_save(const struct sk_buff *skb)
|
||||||
static void secmark_restore(struct sk_buff *skb)
|
static void secmark_restore(struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
if (!skb->secmark) {
|
if (!skb->secmark) {
|
||||||
struct nf_conn *ct;
|
const struct nf_conn *ct;
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
|
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
|
@ -96,7 +96,7 @@ xt_rateest_tg_checkentry(const char *tablename,
|
||||||
void *targinfo,
|
void *targinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
struct xt_rateest_target_info *info = (void *)targinfo;
|
struct xt_rateest_target_info *info = targinfo;
|
||||||
struct xt_rateest *est;
|
struct xt_rateest *est;
|
||||||
struct {
|
struct {
|
||||||
struct nlattr opt;
|
struct nlattr opt;
|
||||||
|
|
|
@ -106,10 +106,10 @@ static int count_them(struct xt_connlimit_data *data,
|
||||||
const union nf_inet_addr *mask,
|
const union nf_inet_addr *mask,
|
||||||
const struct xt_match *match)
|
const struct xt_match *match)
|
||||||
{
|
{
|
||||||
struct nf_conntrack_tuple_hash *found;
|
const struct nf_conntrack_tuple_hash *found;
|
||||||
struct xt_connlimit_conn *conn;
|
struct xt_connlimit_conn *conn;
|
||||||
struct xt_connlimit_conn *tmp;
|
struct xt_connlimit_conn *tmp;
|
||||||
struct nf_conn *found_ct;
|
const struct nf_conn *found_ct;
|
||||||
struct list_head *hash;
|
struct list_head *hash;
|
||||||
bool addit = true;
|
bool addit = true;
|
||||||
int matches = 0;
|
int matches = 0;
|
||||||
|
@ -256,7 +256,7 @@ connlimit_mt_check(const char *tablename, const void *ip,
|
||||||
static void
|
static void
|
||||||
connlimit_mt_destroy(const struct xt_match *match, void *matchinfo)
|
connlimit_mt_destroy(const struct xt_match *match, void *matchinfo)
|
||||||
{
|
{
|
||||||
struct xt_connlimit_info *info = matchinfo;
|
const struct xt_connlimit_info *info = matchinfo;
|
||||||
struct xt_connlimit_conn *conn;
|
struct xt_connlimit_conn *conn;
|
||||||
struct xt_connlimit_conn *tmp;
|
struct xt_connlimit_conn *tmp;
|
||||||
struct list_head *hash = info->data->iphash;
|
struct list_head *hash = info->data->iphash;
|
||||||
|
|
|
@ -98,7 +98,8 @@ dccp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||||
{
|
{
|
||||||
const struct xt_dccp_info *info = matchinfo;
|
const struct xt_dccp_info *info = matchinfo;
|
||||||
struct dccp_hdr _dh, *dh;
|
const struct dccp_hdr *dh;
|
||||||
|
struct dccp_hdr _dh;
|
||||||
|
|
||||||
if (offset)
|
if (offset)
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -47,7 +47,8 @@ esp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||||
const struct net_device *out, const struct xt_match *match,
|
const struct net_device *out, const struct xt_match *match,
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||||
{
|
{
|
||||||
struct ip_esp_hdr _esp, *eh;
|
const struct ip_esp_hdr *eh;
|
||||||
|
struct ip_esp_hdr _esp;
|
||||||
const struct xt_esp *espinfo = matchinfo;
|
const struct xt_esp *espinfo = matchinfo;
|
||||||
|
|
||||||
/* Must not be a fragment. */
|
/* Must not be a fragment. */
|
||||||
|
|
|
@ -100,7 +100,8 @@ multiport_mt_v0(const struct sk_buff *skb, const struct net_device *in,
|
||||||
const void *matchinfo, int offset, unsigned int protoff,
|
const void *matchinfo, int offset, unsigned int protoff,
|
||||||
bool *hotdrop)
|
bool *hotdrop)
|
||||||
{
|
{
|
||||||
__be16 _ports[2], *pptr;
|
const __be16 *pptr;
|
||||||
|
__be16 _ports[2];
|
||||||
const struct xt_multiport *multiinfo = matchinfo;
|
const struct xt_multiport *multiinfo = matchinfo;
|
||||||
|
|
||||||
if (offset)
|
if (offset)
|
||||||
|
@ -126,7 +127,8 @@ multiport_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||||
const void *matchinfo, int offset, unsigned int protoff,
|
const void *matchinfo, int offset, unsigned int protoff,
|
||||||
bool *hotdrop)
|
bool *hotdrop)
|
||||||
{
|
{
|
||||||
__be16 _ports[2], *pptr;
|
const __be16 *pptr;
|
||||||
|
__be16 _ports[2];
|
||||||
const struct xt_multiport_v1 *multiinfo = matchinfo;
|
const struct xt_multiport_v1 *multiinfo = matchinfo;
|
||||||
|
|
||||||
if (offset)
|
if (offset)
|
||||||
|
|
|
@ -136,7 +136,7 @@ policy_mt_check(const char *tablename, const void *ip_void,
|
||||||
const struct xt_match *match, void *matchinfo,
|
const struct xt_match *match, void *matchinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
struct xt_policy_info *info = matchinfo;
|
const struct xt_policy_info *info = matchinfo;
|
||||||
|
|
||||||
if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
|
if (!(info->flags & (XT_POLICY_MATCH_IN|XT_POLICY_MATCH_OUT))) {
|
||||||
printk(KERN_ERR "xt_policy: neither incoming nor "
|
printk(KERN_ERR "xt_policy: neither incoming nor "
|
||||||
|
|
|
@ -86,7 +86,7 @@ static bool xt_rateest_mt_checkentry(const char *tablename,
|
||||||
void *matchinfo,
|
void *matchinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
struct xt_rateest_match_info *info = (void *)matchinfo;
|
struct xt_rateest_match_info *info = matchinfo;
|
||||||
struct xt_rateest *est1, *est2;
|
struct xt_rateest *est1, *est2;
|
||||||
|
|
||||||
if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS |
|
if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS |
|
||||||
|
@ -130,7 +130,7 @@ err1:
|
||||||
static void xt_rateest_mt_destroy(const struct xt_match *match,
|
static void xt_rateest_mt_destroy(const struct xt_match *match,
|
||||||
void *matchinfo)
|
void *matchinfo)
|
||||||
{
|
{
|
||||||
struct xt_rateest_match_info *info = (void *)matchinfo;
|
struct xt_rateest_match_info *info = matchinfo;
|
||||||
|
|
||||||
xt_rateest_put(info->est1);
|
xt_rateest_put(info->est1);
|
||||||
if (info->est2)
|
if (info->est2)
|
||||||
|
|
|
@ -46,7 +46,8 @@ match_packet(const struct sk_buff *skb,
|
||||||
bool *hotdrop)
|
bool *hotdrop)
|
||||||
{
|
{
|
||||||
u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
|
u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
|
||||||
sctp_chunkhdr_t _sch, *sch;
|
const sctp_chunkhdr_t *sch;
|
||||||
|
sctp_chunkhdr_t _sch;
|
||||||
int chunk_match_type = info->chunk_match_type;
|
int chunk_match_type = info->chunk_match_type;
|
||||||
const struct xt_sctp_flag_info *flag_info = info->flag_info;
|
const struct xt_sctp_flag_info *flag_info = info->flag_info;
|
||||||
int flag_count = info->flag_count;
|
int flag_count = info->flag_count;
|
||||||
|
@ -121,7 +122,8 @@ sctp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||||
{
|
{
|
||||||
const struct xt_sctp_info *info = matchinfo;
|
const struct xt_sctp_info *info = matchinfo;
|
||||||
sctp_sctphdr_t _sh, *sh;
|
const sctp_sctphdr_t *sh;
|
||||||
|
sctp_sctphdr_t _sh;
|
||||||
|
|
||||||
if (offset) {
|
if (offset) {
|
||||||
duprintf("Dropping non-first fragment.. FIXME\n");
|
duprintf("Dropping non-first fragment.. FIXME\n");
|
||||||
|
|
|
@ -31,9 +31,11 @@ tcpmss_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||||
bool *hotdrop)
|
bool *hotdrop)
|
||||||
{
|
{
|
||||||
const struct xt_tcpmss_match_info *info = matchinfo;
|
const struct xt_tcpmss_match_info *info = matchinfo;
|
||||||
struct tcphdr _tcph, *th;
|
const struct tcphdr *th;
|
||||||
|
struct tcphdr _tcph;
|
||||||
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
|
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
|
||||||
u8 _opt[15 * 4 - sizeof(_tcph)], *op;
|
const u_int8_t *op;
|
||||||
|
u8 _opt[15 * 4 - sizeof(_tcph)];
|
||||||
unsigned int i, optlen;
|
unsigned int i, optlen;
|
||||||
|
|
||||||
/* If we don't have the whole header, drop packet. */
|
/* If we don't have the whole header, drop packet. */
|
||||||
|
|
|
@ -42,7 +42,8 @@ tcp_find_option(u_int8_t option,
|
||||||
bool *hotdrop)
|
bool *hotdrop)
|
||||||
{
|
{
|
||||||
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
|
/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
|
||||||
u_int8_t _opt[60 - sizeof(struct tcphdr)], *op;
|
const u_int8_t *op;
|
||||||
|
u_int8_t _opt[60 - sizeof(struct tcphdr)];
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
duprintf("tcp_match: finding option\n");
|
duprintf("tcp_match: finding option\n");
|
||||||
|
@ -72,7 +73,8 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||||
const struct net_device *out, const struct xt_match *match,
|
const struct net_device *out, const struct xt_match *match,
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||||
{
|
{
|
||||||
struct tcphdr _tcph, *th;
|
const struct tcphdr *th;
|
||||||
|
struct tcphdr _tcph;
|
||||||
const struct xt_tcp *tcpinfo = matchinfo;
|
const struct xt_tcp *tcpinfo = matchinfo;
|
||||||
|
|
||||||
if (offset) {
|
if (offset) {
|
||||||
|
@ -144,7 +146,8 @@ udp_mt(const struct sk_buff *skb, const struct net_device *in,
|
||||||
const struct net_device *out, const struct xt_match *match,
|
const struct net_device *out, const struct xt_match *match,
|
||||||
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
|
||||||
{
|
{
|
||||||
struct udphdr _udph, *uh;
|
const struct udphdr *uh;
|
||||||
|
struct udphdr _udph;
|
||||||
const struct xt_udp *udpinfo = matchinfo;
|
const struct xt_udp *udpinfo = matchinfo;
|
||||||
|
|
||||||
/* Must not be a fragment. */
|
/* Must not be a fragment. */
|
||||||
|
|
|
@ -223,7 +223,7 @@ time_mt_check(const char *tablename, const void *ip,
|
||||||
const struct xt_match *match, void *matchinfo,
|
const struct xt_match *match, void *matchinfo,
|
||||||
unsigned int hook_mask)
|
unsigned int hook_mask)
|
||||||
{
|
{
|
||||||
struct xt_time_info *info = matchinfo;
|
const struct xt_time_info *info = matchinfo;
|
||||||
|
|
||||||
if (info->daytime_start > XT_TIME_MAX_DAYTIME ||
|
if (info->daytime_start > XT_TIME_MAX_DAYTIME ||
|
||||||
info->daytime_stop > XT_TIME_MAX_DAYTIME) {
|
info->daytime_stop > XT_TIME_MAX_DAYTIME) {
|
||||||
|
|
Loading…
Reference in New Issue