[NETFILTER]: ipt annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
a76b11dd25
commit
6a19d61472
12 changed files with 49 additions and 46 deletions
|
@ -8,7 +8,7 @@
|
|||
|
||||
struct ipt_iprange {
|
||||
/* Inclusive: network order. */
|
||||
u_int32_t min_ip, max_ip;
|
||||
__be32 min_ip, max_ip;
|
||||
};
|
||||
|
||||
struct ipt_iprange_info
|
||||
|
|
|
@ -52,7 +52,7 @@ struct clusterip_config {
|
|||
atomic_t entries; /* number of entries/rules
|
||||
* referencing us */
|
||||
|
||||
u_int32_t clusterip; /* the IP address */
|
||||
__be32 clusterip; /* the IP address */
|
||||
u_int8_t clustermac[ETH_ALEN]; /* the MAC address */
|
||||
struct net_device *dev; /* device */
|
||||
u_int16_t num_total_nodes; /* total number of nodes */
|
||||
|
@ -119,7 +119,7 @@ clusterip_config_entry_put(struct clusterip_config *c)
|
|||
}
|
||||
|
||||
static struct clusterip_config *
|
||||
__clusterip_config_find(u_int32_t clusterip)
|
||||
__clusterip_config_find(__be32 clusterip)
|
||||
{
|
||||
struct list_head *pos;
|
||||
|
||||
|
@ -136,7 +136,7 @@ __clusterip_config_find(u_int32_t clusterip)
|
|||
}
|
||||
|
||||
static inline struct clusterip_config *
|
||||
clusterip_config_find_get(u_int32_t clusterip, int entry)
|
||||
clusterip_config_find_get(__be32 clusterip, int entry)
|
||||
{
|
||||
struct clusterip_config *c;
|
||||
|
||||
|
@ -166,7 +166,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
|
|||
}
|
||||
|
||||
static struct clusterip_config *
|
||||
clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip,
|
||||
clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip,
|
||||
struct net_device *dev)
|
||||
{
|
||||
struct clusterip_config *c;
|
||||
|
@ -387,7 +387,7 @@ checkentry(const char *tablename,
|
|||
return 0;
|
||||
|
||||
}
|
||||
if (e->ip.dmsk.s_addr != 0xffffffff
|
||||
if (e->ip.dmsk.s_addr != htonl(0xffffffff)
|
||||
|| e->ip.dst.s_addr == 0) {
|
||||
printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n");
|
||||
return 0;
|
||||
|
@ -476,9 +476,9 @@ static struct ipt_target clusterip_tgt = {
|
|||
/* hardcoded for 48bit ethernet and 32bit ipv4 addresses */
|
||||
struct arp_payload {
|
||||
u_int8_t src_hw[ETH_ALEN];
|
||||
u_int32_t src_ip;
|
||||
__be32 src_ip;
|
||||
u_int8_t dst_hw[ETH_ALEN];
|
||||
u_int32_t dst_ip;
|
||||
__be32 dst_ip;
|
||||
} __attribute__ ((packed));
|
||||
|
||||
#ifdef CLUSTERIP_DEBUG
|
||||
|
|
|
@ -28,7 +28,7 @@ static inline int
|
|||
set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||
{
|
||||
struct iphdr *iph = (*pskb)->nh.iph;
|
||||
u_int16_t oldtos;
|
||||
__be16 oldtos;
|
||||
|
||||
if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
|
||||
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
|
||||
|
@ -37,7 +37,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
|||
oldtos = iph->tos;
|
||||
iph->tos &= ~IPT_ECN_IP_MASK;
|
||||
iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
|
||||
iph->check = nf_csum_update(oldtos ^ 0xFFFF, iph->tos,
|
||||
iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
|
||||
iph->check);
|
||||
}
|
||||
return 1;
|
||||
|
@ -48,7 +48,7 @@ static inline int
|
|||
set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||
{
|
||||
struct tcphdr _tcph, *tcph;
|
||||
u_int16_t oldval;
|
||||
__be16 oldval;
|
||||
|
||||
/* Not enought header? */
|
||||
tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
|
||||
|
@ -66,15 +66,15 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
|||
return 0;
|
||||
tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4;
|
||||
|
||||
oldval = ((u_int16_t *)tcph)[6];
|
||||
oldval = ((__be16 *)tcph)[6];
|
||||
if (einfo->operation & IPT_ECN_OP_SET_ECE)
|
||||
tcph->ece = einfo->proto.tcp.ece;
|
||||
if (einfo->operation & IPT_ECN_OP_SET_CWR)
|
||||
tcph->cwr = einfo->proto.tcp.cwr;
|
||||
|
||||
tcph->check = nf_proto_csum_update((*pskb),
|
||||
oldval ^ 0xFFFF,
|
||||
((u_int16_t *)tcph)[6],
|
||||
oldval ^ htons(0xFFFF),
|
||||
((__be16 *)tcph)[6],
|
||||
tcph->check, 0);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -58,7 +58,7 @@ target(struct sk_buff **pskb,
|
|||
{
|
||||
struct ip_conntrack *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
u_int32_t new_ip, netmask;
|
||||
__be32 new_ip, netmask;
|
||||
const struct ip_nat_multi_range_compat *mr = targinfo;
|
||||
struct ip_nat_range newrange;
|
||||
|
||||
|
|
|
@ -104,8 +104,8 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
|||
struct iphdr *iph = oldskb->nh.iph;
|
||||
struct tcphdr _otcph, *oth, *tcph;
|
||||
struct rtable *rt;
|
||||
u_int16_t tmp_port;
|
||||
u_int32_t tmp_addr;
|
||||
__be16 tmp_port;
|
||||
__be32 tmp_addr;
|
||||
int needs_ack;
|
||||
int hh_len;
|
||||
|
||||
|
|
|
@ -135,7 +135,8 @@ same_target(struct sk_buff **pskb,
|
|||
{
|
||||
struct ip_conntrack *ct;
|
||||
enum ip_conntrack_info ctinfo;
|
||||
u_int32_t tmpip, aindex, new_ip;
|
||||
u_int32_t tmpip, aindex;
|
||||
__be32 new_ip;
|
||||
const struct ipt_same_info *same = targinfo;
|
||||
struct ip_nat_range newrange;
|
||||
const struct ip_conntrack_tuple *t;
|
||||
|
|
|
@ -42,7 +42,8 @@ ipt_tcpmss_target(struct sk_buff **pskb,
|
|||
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
|
||||
struct tcphdr *tcph;
|
||||
struct iphdr *iph;
|
||||
u_int16_t tcplen, newtotlen, oldval, newmss;
|
||||
u_int16_t tcplen, newmss;
|
||||
__be16 newtotlen, oldval;
|
||||
unsigned int i;
|
||||
u_int8_t *opt;
|
||||
|
||||
|
@ -97,7 +98,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
|
|||
opt[i+3] = (newmss & 0x00ff);
|
||||
|
||||
tcph->check = nf_proto_csum_update(*pskb,
|
||||
htons(oldmss)^0xFFFF,
|
||||
htons(oldmss)^htons(0xFFFF),
|
||||
htons(newmss),
|
||||
tcph->check, 0);
|
||||
return IPT_CONTINUE;
|
||||
|
@ -126,7 +127,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
|
|||
memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
|
||||
|
||||
tcph->check = nf_proto_csum_update(*pskb,
|
||||
htons(tcplen) ^ 0xFFFF,
|
||||
htons(tcplen) ^ htons(0xFFFF),
|
||||
htons(tcplen + TCPOLEN_MSS),
|
||||
tcph->check, 1);
|
||||
opt[0] = TCPOPT_MSS;
|
||||
|
@ -134,18 +135,18 @@ ipt_tcpmss_target(struct sk_buff **pskb,
|
|||
opt[2] = (newmss & 0xff00) >> 8;
|
||||
opt[3] = (newmss & 0x00ff);
|
||||
|
||||
tcph->check = nf_proto_csum_update(*pskb, ~0, *((u_int32_t *)opt),
|
||||
tcph->check = nf_proto_csum_update(*pskb, htonl(~0), *((__be32 *)opt),
|
||||
tcph->check, 0);
|
||||
|
||||
oldval = ((u_int16_t *)tcph)[6];
|
||||
oldval = ((__be16 *)tcph)[6];
|
||||
tcph->doff += TCPOLEN_MSS/4;
|
||||
tcph->check = nf_proto_csum_update(*pskb,
|
||||
oldval ^ 0xFFFF,
|
||||
((u_int16_t *)tcph)[6],
|
||||
oldval ^ htons(0xFFFF),
|
||||
((__be16 *)tcph)[6],
|
||||
tcph->check, 0);
|
||||
|
||||
newtotlen = htons(ntohs(iph->tot_len) + TCPOLEN_MSS);
|
||||
iph->check = nf_csum_update(iph->tot_len ^ 0xFFFF,
|
||||
iph->check = nf_csum_update(iph->tot_len ^ htons(0xFFFF),
|
||||
newtotlen, iph->check);
|
||||
iph->tot_len = newtotlen;
|
||||
return IPT_CONTINUE;
|
||||
|
|
|
@ -30,7 +30,7 @@ target(struct sk_buff **pskb,
|
|||
{
|
||||
const struct ipt_tos_target_info *tosinfo = targinfo;
|
||||
struct iphdr *iph = (*pskb)->nh.iph;
|
||||
u_int16_t oldtos;
|
||||
__be16 oldtos;
|
||||
|
||||
if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
|
||||
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
|
||||
|
@ -38,7 +38,7 @@ target(struct sk_buff **pskb,
|
|||
iph = (*pskb)->nh.iph;
|
||||
oldtos = iph->tos;
|
||||
iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
|
||||
iph->check = nf_csum_update(oldtos ^ 0xFFFF, iph->tos,
|
||||
iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
|
||||
iph->check);
|
||||
}
|
||||
return IPT_CONTINUE;
|
||||
|
|
|
@ -54,8 +54,8 @@ ipt_ttl_target(struct sk_buff **pskb,
|
|||
}
|
||||
|
||||
if (new_ttl != iph->ttl) {
|
||||
iph->check = nf_csum_update(ntohs((iph->ttl << 8)) ^ 0xFFFF,
|
||||
ntohs(new_ttl << 8),
|
||||
iph->check = nf_csum_update(htons((iph->ttl << 8)) ^ htons(0xFFFF),
|
||||
htons(new_ttl << 8),
|
||||
iph->check);
|
||||
iph->ttl = new_ttl;
|
||||
}
|
||||
|
|
|
@ -50,11 +50,11 @@ static struct file_operations dl_file_ops;
|
|||
/* hash table crap */
|
||||
|
||||
struct dsthash_dst {
|
||||
u_int32_t src_ip;
|
||||
u_int32_t dst_ip;
|
||||
__be32 src_ip;
|
||||
__be32 dst_ip;
|
||||
/* ports have to be consecutive !!! */
|
||||
u_int16_t src_port;
|
||||
u_int16_t dst_port;
|
||||
__be16 src_port;
|
||||
__be16 dst_port;
|
||||
};
|
||||
|
||||
struct dsthash_ent {
|
||||
|
@ -106,8 +106,10 @@ static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b)
|
|||
static inline u_int32_t
|
||||
hash_dst(const struct ipt_hashlimit_htable *ht, const struct dsthash_dst *dst)
|
||||
{
|
||||
return (jhash_3words(dst->dst_ip, (dst->dst_port<<16 | dst->src_port),
|
||||
dst->src_ip, ht->rnd) % ht->cfg.size);
|
||||
return (jhash_3words((__force u32)dst->dst_ip,
|
||||
((__force u32)dst->dst_port<<16 |
|
||||
(__force u32)dst->src_port),
|
||||
(__force u32)dst->src_ip, ht->rnd) % ht->cfg.size);
|
||||
}
|
||||
|
||||
static inline struct dsthash_ent *
|
||||
|
@ -406,7 +408,7 @@ hashlimit_match(const struct sk_buff *skb,
|
|||
dst.src_ip = skb->nh.iph->saddr;
|
||||
if (hinfo->cfg.mode & IPT_HASHLIMIT_HASH_DPT
|
||||
||hinfo->cfg.mode & IPT_HASHLIMIT_HASH_SPT) {
|
||||
u_int16_t _ports[2], *ports;
|
||||
__be16 _ports[2], *ports;
|
||||
|
||||
switch (skb->nh.iph->protocol) {
|
||||
case IPPROTO_TCP:
|
||||
|
|
|
@ -50,11 +50,10 @@ MODULE_PARM_DESC(ip_list_perms, "permissions on /proc/net/ipt_recent/* files");
|
|||
MODULE_PARM_DESC(ip_list_uid,"owner of /proc/net/ipt_recent/* files");
|
||||
MODULE_PARM_DESC(ip_list_gid,"owning group of /proc/net/ipt_recent/* files");
|
||||
|
||||
|
||||
struct recent_entry {
|
||||
struct list_head list;
|
||||
struct list_head lru_list;
|
||||
u_int32_t addr;
|
||||
__be32 addr;
|
||||
u_int8_t ttl;
|
||||
u_int8_t index;
|
||||
u_int16_t nstamps;
|
||||
|
@ -85,17 +84,17 @@ static struct file_operations recent_fops;
|
|||
static u_int32_t hash_rnd;
|
||||
static int hash_rnd_initted;
|
||||
|
||||
static unsigned int recent_entry_hash(u_int32_t addr)
|
||||
static unsigned int recent_entry_hash(__be32 addr)
|
||||
{
|
||||
if (!hash_rnd_initted) {
|
||||
get_random_bytes(&hash_rnd, 4);
|
||||
hash_rnd_initted = 1;
|
||||
}
|
||||
return jhash_1word(addr, hash_rnd) & (ip_list_hash_size - 1);
|
||||
return jhash_1word((__force u32)addr, hash_rnd) & (ip_list_hash_size - 1);
|
||||
}
|
||||
|
||||
static struct recent_entry *
|
||||
recent_entry_lookup(const struct recent_table *table, u_int32_t addr, u_int8_t ttl)
|
||||
recent_entry_lookup(const struct recent_table *table, __be32 addr, u_int8_t ttl)
|
||||
{
|
||||
struct recent_entry *e;
|
||||
unsigned int h;
|
||||
|
@ -116,7 +115,7 @@ static void recent_entry_remove(struct recent_table *t, struct recent_entry *e)
|
|||
}
|
||||
|
||||
static struct recent_entry *
|
||||
recent_entry_init(struct recent_table *t, u_int32_t addr, u_int8_t ttl)
|
||||
recent_entry_init(struct recent_table *t, __be32 addr, u_int8_t ttl)
|
||||
{
|
||||
struct recent_entry *e;
|
||||
|
||||
|
@ -178,7 +177,7 @@ ipt_recent_match(const struct sk_buff *skb,
|
|||
const struct ipt_recent_info *info = matchinfo;
|
||||
struct recent_table *t;
|
||||
struct recent_entry *e;
|
||||
u_int32_t addr;
|
||||
__be32 addr;
|
||||
u_int8_t ttl;
|
||||
int ret = info->invert;
|
||||
|
||||
|
@ -406,7 +405,7 @@ static ssize_t recent_proc_write(struct file *file, const char __user *input,
|
|||
struct recent_table *t = pde->data;
|
||||
struct recent_entry *e;
|
||||
char buf[sizeof("+255.255.255.255")], *c = buf;
|
||||
u_int32_t addr;
|
||||
__be32 addr;
|
||||
int add;
|
||||
|
||||
if (size > sizeof(buf))
|
||||
|
|
|
@ -131,7 +131,7 @@ ipt_local_hook(unsigned int hook,
|
|||
{
|
||||
unsigned int ret;
|
||||
u_int8_t tos;
|
||||
u_int32_t saddr, daddr;
|
||||
__be32 saddr, daddr;
|
||||
unsigned long nfmark;
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
|
|
Loading…
Reference in a new issue