提交 6a19d614 编写于 作者: A Al Viro 提交者: David S. Miller

[NETFILTER]: ipt annotations

Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 a76b11dd
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
struct ipt_iprange { struct ipt_iprange {
/* Inclusive: network order. */ /* Inclusive: network order. */
u_int32_t min_ip, max_ip; __be32 min_ip, max_ip;
}; };
struct ipt_iprange_info struct ipt_iprange_info
......
...@@ -52,7 +52,7 @@ struct clusterip_config { ...@@ -52,7 +52,7 @@ struct clusterip_config {
atomic_t entries; /* number of entries/rules atomic_t entries; /* number of entries/rules
* referencing us */ * referencing us */
u_int32_t clusterip; /* the IP address */ __be32 clusterip; /* the IP address */
u_int8_t clustermac[ETH_ALEN]; /* the MAC address */ u_int8_t clustermac[ETH_ALEN]; /* the MAC address */
struct net_device *dev; /* device */ struct net_device *dev; /* device */
u_int16_t num_total_nodes; /* total number of nodes */ u_int16_t num_total_nodes; /* total number of nodes */
...@@ -119,7 +119,7 @@ clusterip_config_entry_put(struct clusterip_config *c) ...@@ -119,7 +119,7 @@ clusterip_config_entry_put(struct clusterip_config *c)
} }
static struct clusterip_config * static struct clusterip_config *
__clusterip_config_find(u_int32_t clusterip) __clusterip_config_find(__be32 clusterip)
{ {
struct list_head *pos; struct list_head *pos;
...@@ -136,7 +136,7 @@ __clusterip_config_find(u_int32_t clusterip) ...@@ -136,7 +136,7 @@ __clusterip_config_find(u_int32_t clusterip)
} }
static inline struct clusterip_config * static inline struct clusterip_config *
clusterip_config_find_get(u_int32_t clusterip, int entry) clusterip_config_find_get(__be32 clusterip, int entry)
{ {
struct clusterip_config *c; struct clusterip_config *c;
...@@ -166,7 +166,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c, ...@@ -166,7 +166,7 @@ clusterip_config_init_nodelist(struct clusterip_config *c,
} }
static struct clusterip_config * static struct clusterip_config *
clusterip_config_init(struct ipt_clusterip_tgt_info *i, u_int32_t ip, clusterip_config_init(struct ipt_clusterip_tgt_info *i, __be32 ip,
struct net_device *dev) struct net_device *dev)
{ {
struct clusterip_config *c; struct clusterip_config *c;
...@@ -387,7 +387,7 @@ checkentry(const char *tablename, ...@@ -387,7 +387,7 @@ checkentry(const char *tablename,
return 0; return 0;
} }
if (e->ip.dmsk.s_addr != 0xffffffff if (e->ip.dmsk.s_addr != htonl(0xffffffff)
|| e->ip.dst.s_addr == 0) { || e->ip.dst.s_addr == 0) {
printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n"); printk(KERN_ERR "CLUSTERIP: Please specify destination IP\n");
return 0; return 0;
...@@ -476,9 +476,9 @@ static struct ipt_target clusterip_tgt = { ...@@ -476,9 +476,9 @@ static struct ipt_target clusterip_tgt = {
/* hardcoded for 48bit ethernet and 32bit ipv4 addresses */ /* hardcoded for 48bit ethernet and 32bit ipv4 addresses */
struct arp_payload { struct arp_payload {
u_int8_t src_hw[ETH_ALEN]; u_int8_t src_hw[ETH_ALEN];
u_int32_t src_ip; __be32 src_ip;
u_int8_t dst_hw[ETH_ALEN]; u_int8_t dst_hw[ETH_ALEN];
u_int32_t dst_ip; __be32 dst_ip;
} __attribute__ ((packed)); } __attribute__ ((packed));
#ifdef CLUSTERIP_DEBUG #ifdef CLUSTERIP_DEBUG
......
...@@ -28,7 +28,7 @@ static inline int ...@@ -28,7 +28,7 @@ static inline int
set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
{ {
struct iphdr *iph = (*pskb)->nh.iph; struct iphdr *iph = (*pskb)->nh.iph;
u_int16_t oldtos; __be16 oldtos;
if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
if (!skb_make_writable(pskb, sizeof(struct iphdr))) if (!skb_make_writable(pskb, sizeof(struct iphdr)))
...@@ -37,7 +37,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) ...@@ -37,7 +37,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
oldtos = iph->tos; oldtos = iph->tos;
iph->tos &= ~IPT_ECN_IP_MASK; iph->tos &= ~IPT_ECN_IP_MASK;
iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
iph->check = nf_csum_update(oldtos ^ 0xFFFF, iph->tos, iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
iph->check); iph->check);
} }
return 1; return 1;
...@@ -48,7 +48,7 @@ static inline int ...@@ -48,7 +48,7 @@ static inline int
set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
{ {
struct tcphdr _tcph, *tcph; struct tcphdr _tcph, *tcph;
u_int16_t oldval; __be16 oldval;
/* Not enought header? */ /* Not enought header? */
tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
...@@ -66,15 +66,15 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) ...@@ -66,15 +66,15 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
return 0; return 0;
tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4; tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4;
oldval = ((u_int16_t *)tcph)[6]; oldval = ((__be16 *)tcph)[6];
if (einfo->operation & IPT_ECN_OP_SET_ECE) if (einfo->operation & IPT_ECN_OP_SET_ECE)
tcph->ece = einfo->proto.tcp.ece; tcph->ece = einfo->proto.tcp.ece;
if (einfo->operation & IPT_ECN_OP_SET_CWR) if (einfo->operation & IPT_ECN_OP_SET_CWR)
tcph->cwr = einfo->proto.tcp.cwr; tcph->cwr = einfo->proto.tcp.cwr;
tcph->check = nf_proto_csum_update((*pskb), tcph->check = nf_proto_csum_update((*pskb),
oldval ^ 0xFFFF, oldval ^ htons(0xFFFF),
((u_int16_t *)tcph)[6], ((__be16 *)tcph)[6],
tcph->check, 0); tcph->check, 0);
return 1; return 1;
} }
......
...@@ -58,7 +58,7 @@ target(struct sk_buff **pskb, ...@@ -58,7 +58,7 @@ target(struct sk_buff **pskb,
{ {
struct ip_conntrack *ct; struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
u_int32_t new_ip, netmask; __be32 new_ip, netmask;
const struct ip_nat_multi_range_compat *mr = targinfo; const struct ip_nat_multi_range_compat *mr = targinfo;
struct ip_nat_range newrange; struct ip_nat_range newrange;
......
...@@ -104,8 +104,8 @@ static void send_reset(struct sk_buff *oldskb, int hook) ...@@ -104,8 +104,8 @@ static void send_reset(struct sk_buff *oldskb, int hook)
struct iphdr *iph = oldskb->nh.iph; struct iphdr *iph = oldskb->nh.iph;
struct tcphdr _otcph, *oth, *tcph; struct tcphdr _otcph, *oth, *tcph;
struct rtable *rt; struct rtable *rt;
u_int16_t tmp_port; __be16 tmp_port;
u_int32_t tmp_addr; __be32 tmp_addr;
int needs_ack; int needs_ack;
int hh_len; int hh_len;
......
...@@ -135,7 +135,8 @@ same_target(struct sk_buff **pskb, ...@@ -135,7 +135,8 @@ same_target(struct sk_buff **pskb,
{ {
struct ip_conntrack *ct; struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
u_int32_t tmpip, aindex, new_ip; u_int32_t tmpip, aindex;
__be32 new_ip;
const struct ipt_same_info *same = targinfo; const struct ipt_same_info *same = targinfo;
struct ip_nat_range newrange; struct ip_nat_range newrange;
const struct ip_conntrack_tuple *t; const struct ip_conntrack_tuple *t;
......
...@@ -42,7 +42,8 @@ ipt_tcpmss_target(struct sk_buff **pskb, ...@@ -42,7 +42,8 @@ ipt_tcpmss_target(struct sk_buff **pskb,
const struct ipt_tcpmss_info *tcpmssinfo = targinfo; const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
struct tcphdr *tcph; struct tcphdr *tcph;
struct iphdr *iph; struct iphdr *iph;
u_int16_t tcplen, newtotlen, oldval, newmss; u_int16_t tcplen, newmss;
__be16 newtotlen, oldval;
unsigned int i; unsigned int i;
u_int8_t *opt; u_int8_t *opt;
...@@ -97,7 +98,7 @@ ipt_tcpmss_target(struct sk_buff **pskb, ...@@ -97,7 +98,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
opt[i+3] = (newmss & 0x00ff); opt[i+3] = (newmss & 0x00ff);
tcph->check = nf_proto_csum_update(*pskb, tcph->check = nf_proto_csum_update(*pskb,
htons(oldmss)^0xFFFF, htons(oldmss)^htons(0xFFFF),
htons(newmss), htons(newmss),
tcph->check, 0); tcph->check, 0);
return IPT_CONTINUE; return IPT_CONTINUE;
...@@ -126,7 +127,7 @@ ipt_tcpmss_target(struct sk_buff **pskb, ...@@ -126,7 +127,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
tcph->check = nf_proto_csum_update(*pskb, tcph->check = nf_proto_csum_update(*pskb,
htons(tcplen) ^ 0xFFFF, htons(tcplen) ^ htons(0xFFFF),
htons(tcplen + TCPOLEN_MSS), htons(tcplen + TCPOLEN_MSS),
tcph->check, 1); tcph->check, 1);
opt[0] = TCPOPT_MSS; opt[0] = TCPOPT_MSS;
...@@ -134,18 +135,18 @@ ipt_tcpmss_target(struct sk_buff **pskb, ...@@ -134,18 +135,18 @@ ipt_tcpmss_target(struct sk_buff **pskb,
opt[2] = (newmss & 0xff00) >> 8; opt[2] = (newmss & 0xff00) >> 8;
opt[3] = (newmss & 0x00ff); opt[3] = (newmss & 0x00ff);
tcph->check = nf_proto_csum_update(*pskb, ~0, *((u_int32_t *)opt), tcph->check = nf_proto_csum_update(*pskb, htonl(~0), *((__be32 *)opt),
tcph->check, 0); tcph->check, 0);
oldval = ((u_int16_t *)tcph)[6]; oldval = ((__be16 *)tcph)[6];
tcph->doff += TCPOLEN_MSS/4; tcph->doff += TCPOLEN_MSS/4;
tcph->check = nf_proto_csum_update(*pskb, tcph->check = nf_proto_csum_update(*pskb,
oldval ^ 0xFFFF, oldval ^ htons(0xFFFF),
((u_int16_t *)tcph)[6], ((__be16 *)tcph)[6],
tcph->check, 0); tcph->check, 0);
newtotlen = htons(ntohs(iph->tot_len) + TCPOLEN_MSS); newtotlen = htons(ntohs(iph->tot_len) + TCPOLEN_MSS);
iph->check = nf_csum_update(iph->tot_len ^ 0xFFFF, iph->check = nf_csum_update(iph->tot_len ^ htons(0xFFFF),
newtotlen, iph->check); newtotlen, iph->check);
iph->tot_len = newtotlen; iph->tot_len = newtotlen;
return IPT_CONTINUE; return IPT_CONTINUE;
......
...@@ -30,7 +30,7 @@ target(struct sk_buff **pskb, ...@@ -30,7 +30,7 @@ target(struct sk_buff **pskb,
{ {
const struct ipt_tos_target_info *tosinfo = targinfo; const struct ipt_tos_target_info *tosinfo = targinfo;
struct iphdr *iph = (*pskb)->nh.iph; struct iphdr *iph = (*pskb)->nh.iph;
u_int16_t oldtos; __be16 oldtos;
if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
if (!skb_make_writable(pskb, sizeof(struct iphdr))) if (!skb_make_writable(pskb, sizeof(struct iphdr)))
...@@ -38,7 +38,7 @@ target(struct sk_buff **pskb, ...@@ -38,7 +38,7 @@ target(struct sk_buff **pskb,
iph = (*pskb)->nh.iph; iph = (*pskb)->nh.iph;
oldtos = iph->tos; oldtos = iph->tos;
iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
iph->check = nf_csum_update(oldtos ^ 0xFFFF, iph->tos, iph->check = nf_csum_update(oldtos ^ htons(0xFFFF), iph->tos,
iph->check); iph->check);
} }
return IPT_CONTINUE; return IPT_CONTINUE;
......
...@@ -54,8 +54,8 @@ ipt_ttl_target(struct sk_buff **pskb, ...@@ -54,8 +54,8 @@ ipt_ttl_target(struct sk_buff **pskb,
} }
if (new_ttl != iph->ttl) { if (new_ttl != iph->ttl) {
iph->check = nf_csum_update(ntohs((iph->ttl << 8)) ^ 0xFFFF, iph->check = nf_csum_update(htons((iph->ttl << 8)) ^ htons(0xFFFF),
ntohs(new_ttl << 8), htons(new_ttl << 8),
iph->check); iph->check);
iph->ttl = new_ttl; iph->ttl = new_ttl;
} }
......
...@@ -50,11 +50,11 @@ static struct file_operations dl_file_ops; ...@@ -50,11 +50,11 @@ static struct file_operations dl_file_ops;
/* hash table crap */ /* hash table crap */
struct dsthash_dst { struct dsthash_dst {
u_int32_t src_ip; __be32 src_ip;
u_int32_t dst_ip; __be32 dst_ip;
/* ports have to be consecutive !!! */ /* ports have to be consecutive !!! */
u_int16_t src_port; __be16 src_port;
u_int16_t dst_port; __be16 dst_port;
}; };
struct dsthash_ent { struct dsthash_ent {
...@@ -106,8 +106,10 @@ static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b) ...@@ -106,8 +106,10 @@ static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b)
static inline u_int32_t static inline u_int32_t
hash_dst(const struct ipt_hashlimit_htable *ht, const struct dsthash_dst *dst) hash_dst(const struct ipt_hashlimit_htable *ht, const struct dsthash_dst *dst)
{ {
return (jhash_3words(dst->dst_ip, (dst->dst_port<<16 | dst->src_port), return (jhash_3words((__force u32)dst->dst_ip,
dst->src_ip, ht->rnd) % ht->cfg.size); ((__force u32)dst->dst_port<<16 |
(__force u32)dst->src_port),
(__force u32)dst->src_ip, ht->rnd) % ht->cfg.size);
} }
static inline struct dsthash_ent * static inline struct dsthash_ent *
...@@ -406,7 +408,7 @@ hashlimit_match(const struct sk_buff *skb, ...@@ -406,7 +408,7 @@ hashlimit_match(const struct sk_buff *skb,
dst.src_ip = skb->nh.iph->saddr; dst.src_ip = skb->nh.iph->saddr;
if (hinfo->cfg.mode & IPT_HASHLIMIT_HASH_DPT if (hinfo->cfg.mode & IPT_HASHLIMIT_HASH_DPT
||hinfo->cfg.mode & IPT_HASHLIMIT_HASH_SPT) { ||hinfo->cfg.mode & IPT_HASHLIMIT_HASH_SPT) {
u_int16_t _ports[2], *ports; __be16 _ports[2], *ports;
switch (skb->nh.iph->protocol) { switch (skb->nh.iph->protocol) {
case IPPROTO_TCP: case IPPROTO_TCP:
......
...@@ -50,11 +50,10 @@ MODULE_PARM_DESC(ip_list_perms, "permissions on /proc/net/ipt_recent/* files"); ...@@ -50,11 +50,10 @@ MODULE_PARM_DESC(ip_list_perms, "permissions on /proc/net/ipt_recent/* files");
MODULE_PARM_DESC(ip_list_uid,"owner of /proc/net/ipt_recent/* files"); MODULE_PARM_DESC(ip_list_uid,"owner of /proc/net/ipt_recent/* files");
MODULE_PARM_DESC(ip_list_gid,"owning group of /proc/net/ipt_recent/* files"); MODULE_PARM_DESC(ip_list_gid,"owning group of /proc/net/ipt_recent/* files");
struct recent_entry { struct recent_entry {
struct list_head list; struct list_head list;
struct list_head lru_list; struct list_head lru_list;
u_int32_t addr; __be32 addr;
u_int8_t ttl; u_int8_t ttl;
u_int8_t index; u_int8_t index;
u_int16_t nstamps; u_int16_t nstamps;
...@@ -85,17 +84,17 @@ static struct file_operations recent_fops; ...@@ -85,17 +84,17 @@ static struct file_operations recent_fops;
static u_int32_t hash_rnd; static u_int32_t hash_rnd;
static int hash_rnd_initted; static int hash_rnd_initted;
static unsigned int recent_entry_hash(u_int32_t addr) static unsigned int recent_entry_hash(__be32 addr)
{ {
if (!hash_rnd_initted) { if (!hash_rnd_initted) {
get_random_bytes(&hash_rnd, 4); get_random_bytes(&hash_rnd, 4);
hash_rnd_initted = 1; hash_rnd_initted = 1;
} }
return jhash_1word(addr, hash_rnd) & (ip_list_hash_size - 1); return jhash_1word((__force u32)addr, hash_rnd) & (ip_list_hash_size - 1);
} }
static struct recent_entry * static struct recent_entry *
recent_entry_lookup(const struct recent_table *table, u_int32_t addr, u_int8_t ttl) recent_entry_lookup(const struct recent_table *table, __be32 addr, u_int8_t ttl)
{ {
struct recent_entry *e; struct recent_entry *e;
unsigned int h; unsigned int h;
...@@ -116,7 +115,7 @@ static void recent_entry_remove(struct recent_table *t, struct recent_entry *e) ...@@ -116,7 +115,7 @@ static void recent_entry_remove(struct recent_table *t, struct recent_entry *e)
} }
static struct recent_entry * static struct recent_entry *
recent_entry_init(struct recent_table *t, u_int32_t addr, u_int8_t ttl) recent_entry_init(struct recent_table *t, __be32 addr, u_int8_t ttl)
{ {
struct recent_entry *e; struct recent_entry *e;
...@@ -178,7 +177,7 @@ ipt_recent_match(const struct sk_buff *skb, ...@@ -178,7 +177,7 @@ ipt_recent_match(const struct sk_buff *skb,
const struct ipt_recent_info *info = matchinfo; const struct ipt_recent_info *info = matchinfo;
struct recent_table *t; struct recent_table *t;
struct recent_entry *e; struct recent_entry *e;
u_int32_t addr; __be32 addr;
u_int8_t ttl; u_int8_t ttl;
int ret = info->invert; int ret = info->invert;
...@@ -406,7 +405,7 @@ static ssize_t recent_proc_write(struct file *file, const char __user *input, ...@@ -406,7 +405,7 @@ static ssize_t recent_proc_write(struct file *file, const char __user *input,
struct recent_table *t = pde->data; struct recent_table *t = pde->data;
struct recent_entry *e; struct recent_entry *e;
char buf[sizeof("+255.255.255.255")], *c = buf; char buf[sizeof("+255.255.255.255")], *c = buf;
u_int32_t addr; __be32 addr;
int add; int add;
if (size > sizeof(buf)) if (size > sizeof(buf))
......
...@@ -131,7 +131,7 @@ ipt_local_hook(unsigned int hook, ...@@ -131,7 +131,7 @@ ipt_local_hook(unsigned int hook,
{ {
unsigned int ret; unsigned int ret;
u_int8_t tos; u_int8_t tos;
u_int32_t saddr, daddr; __be32 saddr, daddr;
unsigned long nfmark; unsigned long nfmark;
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册