[NETFILTER]: ipt annotations
authorAl Viro <viro@zeniv.linux.org.uk>
Thu, 28 Sep 2006 21:22:24 +0000 (14:22 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 29 Sep 2006 01:03:02 +0000 (18:03 -0700)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 files changed:
include/linux/netfilter_ipv4/ipt_iprange.h
net/ipv4/netfilter/ipt_CLUSTERIP.c
net/ipv4/netfilter/ipt_ECN.c
net/ipv4/netfilter/ipt_NETMAP.c
net/ipv4/netfilter/ipt_REJECT.c
net/ipv4/netfilter/ipt_SAME.c
net/ipv4/netfilter/ipt_TCPMSS.c
net/ipv4/netfilter/ipt_TOS.c
net/ipv4/netfilter/ipt_TTL.c
net/ipv4/netfilter/ipt_hashlimit.c
net/ipv4/netfilter/ipt_recent.c
net/ipv4/netfilter/iptable_mangle.c

index 3ecb3bd63676a118de24f0e7616dfa1f27e0c2ef..34ab0fb736e2f75d057ea3c6e2bd1d9a65410eaf 100644 (file)
@@ -8,7 +8,7 @@
 
 struct ipt_iprange {
        /* Inclusive: network order. */
-       u_int32_t min_ip, max_ip;
+       __be32 min_ip, max_ip;
 };
 
 struct ipt_iprange_info
index 41589665fc5ddabc128690199ac266bc98494537..7a29d6e7baa7db35c4d71da25889e0e0b83f3a66 100644 (file)
@@ -52,7 +52,7 @@ struct clusterip_config {
        atomic_t entries;                       /* number of entries/rules
                                                 * referencing us */
 
-       u_int32_t clusterip;                    /* the IP address */
+       __be32 clusterip;                       /* the IP address */
        u_int8_t clustermac[ETH_ALEN];          /* the MAC address */
        struct net_device *dev;                 /* device */
        u_int16_t num_total_nodes;              /* total number of nodes */
@@ -119,7 +119,7 @@ clusterip_config_entry_put(struct clusterip_config *c)
 }
 
 static struct clusterip_config *
-__clusterip_config_find(u_int32_t clusterip)
+__clusterip_config_find(__be32 clusterip)
 {
        struct list_head *pos;
 
@@ -136,7 +136,7 @@ __clusterip_config_find(u_int32_t clusterip)
 }
 
 static inline struct clusterip_config *
-clusterip_config_find_get(u_int32_t clusterip, int entry)
+clusterip_config_find_get(__be32 clusterip, int entry)
 {
        struct clusterip_config *c;
 
@@ -166,7 +166,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
 }
 
 static struct clusterip_config *
-clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip,
+clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip,
                        struct net_device *dev)
 {
        struct clusterip_config *c;
@@ -387,7 +387,7 @@ checkentry(const char *tablename,
                return 0;
 
        }
-       if (e->ip.dmsk.s_addr != 0xffffffff
+       if (e->ip.dmsk.s_addr != htonl(0xffffffff)
            || e->ip.dst.s_addr == 0) {
                printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n");
                return 0;
@@ -476,9 +476,9 @@ static struct ipt_target clusterip_tgt = {
 /* hardcoded for 48bit ethernet and 32bit ipv4 addresses */
 struct arp_payload {
        u_int8_t src_hw[ETH_ALEN];
-       u_int32_t src_ip;
+       __be32 src_ip;
        u_int8_t dst_hw[ETH_ALEN];
-       u_int32_t dst_ip;
+       __be32 dst_ip;
 } __attribute__ ((packed));
 
 #ifdef CLUSTERIP_DEBUG
index 23f9c7ebe7ebb5992e57dbc9877b36c068ad9262..12a818a2462f2a8caf9f8fea514d401fd1d7311b 100644 (file)
@@ -28,7 +28,7 @@ static inline int
 set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
 {
        struct iphdr *iph = (*pskb)->nh.iph;
-       u_int16_t oldtos;
+       __be16 oldtos;
 
        if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
                if (!skb_make_writable(pskb, sizeof(struct iphdr)))
@@ -37,7 +37,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
                oldtos = iph->tos;
                iph->tos &= ~IPT_ECN_IP_MASK;
                iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
-               iph->check = nf_csum_update(oldtos ^ 0xFFFF, iph->tos,
+               iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
                                            iph->check);
        } 
        return 1;
@@ -48,7 +48,7 @@ static inline int
 set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
 {
        struct tcphdr _tcph, *tcph;
-       u_int16_t oldval;
+       __be16 oldval;
 
        /* Not enought header? */
        tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
@@ -66,15 +66,15 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
                return 0;
        tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4;
 
-       oldval = ((u_int16_t *)tcph)[6];
+       oldval = ((__be16 *)tcph)[6];
        if (einfo->operation & IPT_ECN_OP_SET_ECE)
                tcph->ece = einfo->proto.tcp.ece;
        if (einfo->operation & IPT_ECN_OP_SET_CWR)
                tcph->cwr = einfo->proto.tcp.cwr;
 
        tcph->check = nf_proto_csum_update((*pskb),
-                                          oldval ^ 0xFFFF,
-                                          ((u_int16_t *)tcph)[6],
+                                          oldval ^ htons(0xFFFF),
+                                          ((__be16 *)tcph)[6],
                                           tcph->check, 0);
        return 1;
 }
index beb2914225ff6e4db3c64a800678a7f6ed4b35a8..58a88f2271081383c81b25c6c2dca4ff3d7ac010 100644 (file)
@@ -58,7 +58,7 @@ target(struct sk_buff **pskb,
 {
        struct ip_conntrack *ct;
        enum ip_conntrack_info ctinfo;
-       u_int32_t new_ip, netmask;
+       __be32 new_ip, netmask;
        const struct ip_nat_multi_range_compat *mr = targinfo;
        struct ip_nat_range newrange;
 
index b81821edd893382a20ca9d996a47209fc90f97ec..fd0c05efed8a088ead0dc29ca1e08a05147a9e22 100644 (file)
@@ -104,8 +104,8 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        struct iphdr *iph = oldskb->nh.iph;
        struct tcphdr _otcph, *oth, *tcph;
        struct rtable *rt;
-       u_int16_t tmp_port;
-       u_int32_t tmp_addr;
+       __be16 tmp_port;
+       __be32 tmp_addr;
        int needs_ack;
        int hh_len;
 
index efbcb119883244bc3273d9a5f31f263ad232a400..b38b13328d739fce3b3fc3a54d312f772501cffc 100644 (file)
@@ -135,7 +135,8 @@ same_target(struct sk_buff **pskb,
 {
        struct ip_conntrack *ct;
        enum ip_conntrack_info ctinfo;
-       u_int32_t tmpip, aindex, new_ip;
+       u_int32_t tmpip, aindex;
+       __be32 new_ip;
        const struct ipt_same_info *same = targinfo;
        struct ip_nat_range newrange;
        const struct ip_conntrack_tuple *t;
index 4246c4321e5bb74333bc9a1ed1a3fde6929b6510..108b6b76311fea42b48312a217bdf07e42137191 100644 (file)
@@ -42,7 +42,8 @@ ipt_tcpmss_target(struct sk_buff **pskb,
        const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
        struct tcphdr *tcph;
        struct iphdr *iph;
-       u_int16_t tcplen, newtotlen, oldval, newmss;
+       u_int16_t tcplen, newmss;
+       __be16 newtotlen, oldval;
        unsigned int i;
        u_int8_t *opt;
 
@@ -97,7 +98,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
                        opt[i+3] = (newmss & 0x00ff);
 
                        tcph->check = nf_proto_csum_update(*pskb,
-                                                          htons(oldmss)^0xFFFF,
+                                                          htons(oldmss)^htons(0xFFFF),
                                                           htons(newmss),
                                                           tcph->check, 0);
                        return IPT_CONTINUE;
@@ -126,7 +127,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
        memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
 
        tcph->check = nf_proto_csum_update(*pskb,
-                                          htons(tcplen) ^ 0xFFFF,
+                                          htons(tcplen) ^ htons(0xFFFF),
                                           htons(tcplen + TCPOLEN_MSS),
                                           tcph->check, 1);
        opt[0] = TCPOPT_MSS;
@@ -134,18 +135,18 @@ ipt_tcpmss_target(struct sk_buff **pskb,
        opt[2] = (newmss & 0xff00) >> 8;
        opt[3] = (newmss & 0x00ff);
 
-       tcph->check = nf_proto_csum_update(*pskb, ~0, *((u_int32_t *)opt),
+       tcph->check = nf_proto_csum_update(*pskb, htonl(~0), *((__be32 *)opt),
                                           tcph->check, 0);
 
-       oldval = ((u_int16_t *)tcph)[6];
+       oldval = ((__be16 *)tcph)[6];
        tcph->doff += TCPOLEN_MSS/4;
        tcph->check = nf_proto_csum_update(*pskb,
-                                          oldval ^ 0xFFFF,
-                                          ((u_int16_t *)tcph)[6],
+                                          oldval ^ htons(0xFFFF),
+                                          ((__be16 *)tcph)[6],
                                           tcph->check, 0);
 
        newtotlen = htons(ntohs(iph->tot_len) + TCPOLEN_MSS);
-       iph->check = nf_csum_update(iph->tot_len ^ 0xFFFF,
+       iph->check = nf_csum_update(iph->tot_len ^ htons(0xFFFF),
                                    newtotlen, iph->check);
        iph->tot_len = newtotlen;
        return IPT_CONTINUE;
index 471a4c438b0af123ec174e8e51bcae9b27be7695..6b8b14ccc3d3ff9a0fa0610a0e08df6d274cf2ef 100644 (file)
@@ -30,7 +30,7 @@ target(struct sk_buff **pskb,
 {
        const struct ipt_tos_target_info *tosinfo = targinfo;
        struct iphdr *iph = (*pskb)->nh.iph;
-       u_int16_t oldtos;
+       __be16 oldtos;
 
        if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
                if (!skb_make_writable(pskb, sizeof(struct iphdr)))
@@ -38,7 +38,7 @@ target(struct sk_buff **pskb,
                iph = (*pskb)->nh.iph;
                oldtos = iph->tos;
                iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
-               iph->check = nf_csum_update(oldtos ^ 0xFFFF, iph->tos,
+               iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
                                            iph->check);
        }
        return IPT_CONTINUE;
index 96e79cc6d0f233dd20cb95b4ffc76336a72d2a7d..ac9517d62af0e1d79a3e81da2142e26578d7e269 100644 (file)
@@ -54,8 +54,8 @@ ipt_ttl_target(struct sk_buff **pskb,
        }
 
        if (new_ttl != iph->ttl) {
-               iph->check = nf_csum_update(ntohs((iph->ttl << 8)) ^ 0xFFFF,
-                                           ntohs(new_ttl << 8),
+               iph->check = nf_csum_update(htons((iph->ttl << 8)) ^ htons(0xFFFF),
+                                           htons(new_ttl << 8),
                                            iph->check);
                iph->ttl = new_ttl;
        }
index 4f73a61aa3dd48e6b2bedb2bd9f851819837842d..33ccdbf8e7940b0f37d6d0fe0557b7e633530554 100644 (file)
@@ -50,11 +50,11 @@ static struct file_operations dl_file_ops;
 /* hash table crap */
 
 struct dsthash_dst {
-       u_int32_t src_ip;
-       u_int32_t dst_ip;
+       __be32 src_ip;
+       __be32 dst_ip;
        /* ports have to be consecutive !!! */
-       u_int16_t src_port;
-       u_int16_t dst_port;
+       __be16 src_port;
+       __be16 dst_port;
 };
 
 struct dsthash_ent {
@@ -106,8 +106,10 @@ static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b)
 static inline u_int32_t
 hash_dst(const struct ipt_hashlimit_htable *ht, const struct dsthash_dst *dst)
 {
-       return (jhash_3words(dst->dst_ip, (dst->dst_port<<16 | dst->src_port), 
-                            dst->src_ip, ht->rnd) % ht->cfg.size);
+       return (jhash_3words((__force u32)dst->dst_ip,
+                           ((__force u32)dst->dst_port<<16 |
+                            (__force u32)dst->src_port),
+                            (__force u32)dst->src_ip, ht->rnd) % ht->cfg.size);
 }
 
 static inline struct dsthash_ent *
@@ -406,7 +408,7 @@ hashlimit_match(const struct sk_buff *skb,
                dst.src_ip = skb->nh.iph->saddr;
        if (hinfo->cfg.mode & IPT_HASHLIMIT_HASH_DPT
            ||hinfo->cfg.mode & IPT_HASHLIMIT_HASH_SPT) {
-               u_int16_t _ports[2], *ports;
+               __be16 _ports[2], *ports;
 
                switch (skb->nh.iph->protocol) {
                case IPPROTO_TCP:
index 32ae8d7ac50654c41ff3288d4be4a996e3ce4a79..126db44e71a8eaa3fd91fa5ba36f8bbd27db46fe 100644 (file)
@@ -50,11 +50,10 @@ MODULE_PARM_DESC(ip_list_perms, "permissions on /proc/net/ipt_recent/* files");
 MODULE_PARM_DESC(ip_list_uid,"owner of /proc/net/ipt_recent/* files");
 MODULE_PARM_DESC(ip_list_gid,"owning group of /proc/net/ipt_recent/* files");
 
-
 struct recent_entry {
        struct list_head        list;
        struct list_head        lru_list;
-       u_int32_t               addr;
+       __be32                  addr;
        u_int8_t                ttl;
        u_int8_t                index;
        u_int16_t               nstamps;
@@ -85,17 +84,17 @@ static struct file_operations       recent_fops;
 static u_int32_t hash_rnd;
 static int hash_rnd_initted;
 
-static unsigned int recent_entry_hash(u_int32_t addr)
+static unsigned int recent_entry_hash(__be32 addr)
 {
        if (!hash_rnd_initted) {
                get_random_bytes(&hash_rnd, 4);
                hash_rnd_initted = 1;
        }
-       return jhash_1word(addr, hash_rnd) & (ip_list_hash_size - 1);
+       return jhash_1word((__force u32)addr, hash_rnd) & (ip_list_hash_size - 1);
 }
 
 static struct recent_entry *
-recent_entry_lookup(const struct recent_table *table, u_int32_t addr, u_int8_t ttl)
+recent_entry_lookup(const struct recent_table *table, __be32 addr, u_int8_t ttl)
 {
        struct recent_entry *e;
        unsigned int h;
@@ -116,7 +115,7 @@ static void recent_entry_remove(struct recent_table *t, struct recent_entry *e)
 }
 
 static struct recent_entry *
-recent_entry_init(struct recent_table *t, u_int32_t addr, u_int8_t ttl)
+recent_entry_init(struct recent_table *t, __be32 addr, u_int8_t ttl)
 {
        struct recent_entry *e;
 
@@ -178,7 +177,7 @@ ipt_recent_match(const struct sk_buff *skb,
        const struct ipt_recent_info *info = matchinfo;
        struct recent_table *t;
        struct recent_entry *e;
-       u_int32_t addr;
+       __be32 addr;
        u_int8_t ttl;
        int ret = info->invert;
 
@@ -406,7 +405,7 @@ static ssize_t recent_proc_write(struct file *file, const char __user *input,
        struct recent_table *t = pde->data;
        struct recent_entry *e;
        char buf[sizeof("+255.255.255.255")], *c = buf;
-       u_int32_t addr;
+       __be32 addr;
        int add;
 
        if (size > sizeof(buf))
index 79336cb42527387d9708fcdb9c4bd4105ea66767..e62ea2bb9c0ac422f7c77e39aa7f99eba5fa6e3b 100644 (file)
@@ -131,7 +131,7 @@ ipt_local_hook(unsigned int hook,
 {
        unsigned int ret;
        u_int8_t tos;
-       u_int32_t saddr, daddr;
+       __be32 saddr, daddr;
        unsigned long nfmark;
 
        /* root is playing with raw sockets. */