Commit 5452e425adfdfc4647b618e303f73d48f2405b0e
Committed by
Patrick McHardy
Patrick McHardy
1 parent
3cf93c96af
Exists in
master
and in
7 other branches
[NETFILTER]: annotate {arp,ip,ip6,x}tables with const
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Showing 6 changed files with 59 additions and 56 deletions Side-by-side Diff
include/linux/netfilter/x_tables.h
| ... | ... | @@ -430,13 +430,13 @@ |
| 430 | 430 | extern void xt_compat_flush_offsets(int af); |
| 431 | 431 | extern short xt_compat_calc_jump(int af, unsigned int offset); |
| 432 | 432 | |
| 433 | -extern int xt_compat_match_offset(struct xt_match *match); | |
| 433 | +extern int xt_compat_match_offset(const struct xt_match *match); | |
| 434 | 434 | extern int xt_compat_match_from_user(struct xt_entry_match *m, |
| 435 | 435 | void **dstptr, unsigned int *size); |
| 436 | 436 | extern int xt_compat_match_to_user(struct xt_entry_match *m, |
| 437 | 437 | void __user **dstptr, unsigned int *size); |
| 438 | 438 | |
| 439 | -extern int xt_compat_target_offset(struct xt_target *target); | |
| 439 | +extern int xt_compat_target_offset(const struct xt_target *target); | |
| 440 | 440 | extern void xt_compat_target_from_user(struct xt_entry_target *t, |
| 441 | 441 | void **dstptr, unsigned int *size); |
| 442 | 442 | extern int xt_compat_target_to_user(struct xt_entry_target *t, |
net/ipv4/netfilter/arp_tables.c
| ... | ... | @@ -59,7 +59,7 @@ |
| 59 | 59 | #endif |
| 60 | 60 | |
| 61 | 61 | static inline int arp_devaddr_compare(const struct arpt_devaddr_info *ap, |
| 62 | - char *hdr_addr, int len) | |
| 62 | + const char *hdr_addr, int len) | |
| 63 | 63 | { |
| 64 | 64 | int i, ret; |
| 65 | 65 | |
| ... | ... | @@ -80,8 +80,8 @@ |
| 80 | 80 | const char *outdev, |
| 81 | 81 | const struct arpt_arp *arpinfo) |
| 82 | 82 | { |
| 83 | - char *arpptr = (char *)(arphdr + 1); | |
| 84 | - char *src_devaddr, *tgt_devaddr; | |
| 83 | + const char *arpptr = (char *)(arphdr + 1); | |
| 84 | + const char *src_devaddr, *tgt_devaddr; | |
| 85 | 85 | __be32 src_ipaddr, tgt_ipaddr; |
| 86 | 86 | int i, ret; |
| 87 | 87 | |
| 88 | 88 | |
| ... | ... | @@ -226,12 +226,12 @@ |
| 226 | 226 | { |
| 227 | 227 | static const char nulldevname[IFNAMSIZ]; |
| 228 | 228 | unsigned int verdict = NF_DROP; |
| 229 | - struct arphdr *arp; | |
| 229 | + const struct arphdr *arp; | |
| 230 | 230 | bool hotdrop = false; |
| 231 | 231 | struct arpt_entry *e, *back; |
| 232 | 232 | const char *indev, *outdev; |
| 233 | 233 | void *table_base; |
| 234 | - struct xt_table_info *private; | |
| 234 | + const struct xt_table_info *private; | |
| 235 | 235 | |
| 236 | 236 | if (!pskb_may_pull(skb, arp_hdr_len(skb->dev))) |
| 237 | 237 | return NF_DROP; |
| ... | ... | @@ -352,7 +352,7 @@ |
| 352 | 352 | e->counters.pcnt = pos; |
| 353 | 353 | |
| 354 | 354 | for (;;) { |
| 355 | - struct arpt_standard_target *t | |
| 355 | + const struct arpt_standard_target *t | |
| 356 | 356 | = (void *)arpt_get_target(e); |
| 357 | 357 | int visited = e->comefrom & (1 << hook); |
| 358 | 358 | |
| ... | ... | @@ -437,7 +437,7 @@ |
| 437 | 437 | |
| 438 | 438 | static inline int check_entry(struct arpt_entry *e, const char *name) |
| 439 | 439 | { |
| 440 | - struct arpt_entry_target *t; | |
| 440 | + const struct arpt_entry_target *t; | |
| 441 | 441 | |
| 442 | 442 | if (!arp_checkentry(&e->arp)) { |
| 443 | 443 | duprintf("arp_tables: arp check failed %p %s.\n", e, name); |
| ... | ... | @@ -710,7 +710,7 @@ |
| 710 | 710 | { |
| 711 | 711 | unsigned int countersize; |
| 712 | 712 | struct xt_counters *counters; |
| 713 | - struct xt_table_info *private = table->private; | |
| 713 | + const struct xt_table_info *private = table->private; | |
| 714 | 714 | |
| 715 | 715 | /* We need atomic snapshot of counters: rest doesn't change |
| 716 | 716 | * (other than comefrom, which userspace doesn't care |
| ... | ... | @@ -737,7 +737,7 @@ |
| 737 | 737 | unsigned int off, num; |
| 738 | 738 | struct arpt_entry *e; |
| 739 | 739 | struct xt_counters *counters; |
| 740 | - struct xt_table_info *private = table->private; | |
| 740 | + const struct xt_table_info *private = table->private; | |
| 741 | 741 | int ret = 0; |
| 742 | 742 | void *loc_cpu_entry; |
| 743 | 743 | |
| ... | ... | @@ -872,7 +872,7 @@ |
| 872 | 872 | "arptable_%s", name); |
| 873 | 873 | if (t && !IS_ERR(t)) { |
| 874 | 874 | struct arpt_getinfo info; |
| 875 | - struct xt_table_info *private = t->private; | |
| 875 | + const struct xt_table_info *private = t->private; | |
| 876 | 876 | |
| 877 | 877 | #ifdef CONFIG_COMPAT |
| 878 | 878 | if (compat) { |
| ... | ... | @@ -927,7 +927,8 @@ |
| 927 | 927 | |
| 928 | 928 | t = xt_find_table_lock(net, NF_ARP, get.name); |
| 929 | 929 | if (t && !IS_ERR(t)) { |
| 930 | - struct xt_table_info *private = t->private; | |
| 930 | + const struct xt_table_info *private = t->private; | |
| 931 | + | |
| 931 | 932 | duprintf("t->private->number = %u\n", |
| 932 | 933 | private->number); |
| 933 | 934 | if (get.size == private->size) |
| 934 | 935 | |
| ... | ... | @@ -1087,11 +1088,11 @@ |
| 1087 | 1088 | struct xt_counters_info tmp; |
| 1088 | 1089 | struct xt_counters *paddc; |
| 1089 | 1090 | unsigned int num_counters; |
| 1090 | - char *name; | |
| 1091 | + const char *name; | |
| 1091 | 1092 | int size; |
| 1092 | 1093 | void *ptmp; |
| 1093 | 1094 | struct arpt_table *t; |
| 1094 | - struct xt_table_info *private; | |
| 1095 | + const struct xt_table_info *private; | |
| 1095 | 1096 | int ret = 0; |
| 1096 | 1097 | void *loc_cpu_entry; |
| 1097 | 1098 | #ifdef CONFIG_COMPAT |
| ... | ... | @@ -1558,7 +1559,7 @@ |
| 1558 | 1559 | void __user *userptr) |
| 1559 | 1560 | { |
| 1560 | 1561 | struct xt_counters *counters; |
| 1561 | - struct xt_table_info *private = table->private; | |
| 1562 | + const struct xt_table_info *private = table->private; | |
| 1562 | 1563 | void __user *pos; |
| 1563 | 1564 | unsigned int size; |
| 1564 | 1565 | int ret = 0; |
| ... | ... | @@ -1609,7 +1610,7 @@ |
| 1609 | 1610 | xt_compat_lock(NF_ARP); |
| 1610 | 1611 | t = xt_find_table_lock(net, NF_ARP, get.name); |
| 1611 | 1612 | if (t && !IS_ERR(t)) { |
| 1612 | - struct xt_table_info *private = t->private; | |
| 1613 | + const struct xt_table_info *private = t->private; | |
| 1613 | 1614 | struct xt_table_info info; |
| 1614 | 1615 | |
| 1615 | 1616 | duprintf("t->private->number = %u\n", private->number); |
net/ipv4/netfilter/arpt_mangle.c
net/ipv4/netfilter/ip_tables.c
| ... | ... | @@ -296,7 +296,7 @@ |
| 296 | 296 | struct ipt_entry *e) |
| 297 | 297 | { |
| 298 | 298 | void *table_base; |
| 299 | - struct ipt_entry *root; | |
| 299 | + const struct ipt_entry *root; | |
| 300 | 300 | char *hookname, *chainname, *comment; |
| 301 | 301 | unsigned int rulenum = 0; |
| 302 | 302 | |
| ... | ... | @@ -327,7 +327,7 @@ |
| 327 | 327 | { |
| 328 | 328 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); |
| 329 | 329 | u_int16_t offset; |
| 330 | - struct iphdr *ip; | |
| 330 | + const struct iphdr *ip; | |
| 331 | 331 | u_int16_t datalen; |
| 332 | 332 | bool hotdrop = false; |
| 333 | 333 | /* Initializing verdict to NF_DROP keeps gcc happy. */ |
| ... | ... | @@ -926,7 +926,7 @@ |
| 926 | 926 | { |
| 927 | 927 | unsigned int countersize; |
| 928 | 928 | struct xt_counters *counters; |
| 929 | - struct xt_table_info *private = table->private; | |
| 929 | + const struct xt_table_info *private = table->private; | |
| 930 | 930 | |
| 931 | 931 | /* We need atomic snapshot of counters: rest doesn't change |
| 932 | 932 | (other than comefrom, which userspace doesn't care |
| 933 | 933 | |
| ... | ... | @@ -953,9 +953,9 @@ |
| 953 | 953 | unsigned int off, num; |
| 954 | 954 | struct ipt_entry *e; |
| 955 | 955 | struct xt_counters *counters; |
| 956 | - struct xt_table_info *private = table->private; | |
| 956 | + const struct xt_table_info *private = table->private; | |
| 957 | 957 | int ret = 0; |
| 958 | - void *loc_cpu_entry; | |
| 958 | + const void *loc_cpu_entry; | |
| 959 | 959 | |
| 960 | 960 | counters = alloc_counters(table); |
| 961 | 961 | if (IS_ERR(counters)) |
| ... | ... | @@ -975,8 +975,8 @@ |
| 975 | 975 | /* ... then go back and fix counters and names */ |
| 976 | 976 | for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ |
| 977 | 977 | unsigned int i; |
| 978 | - struct ipt_entry_match *m; | |
| 979 | - struct ipt_entry_target *t; | |
| 978 | + const struct ipt_entry_match *m; | |
| 979 | + const struct ipt_entry_target *t; | |
| 980 | 980 | |
| 981 | 981 | e = (struct ipt_entry *)(loc_cpu_entry + off); |
| 982 | 982 | if (copy_to_user(userptr + off |
| ... | ... | @@ -1116,7 +1116,7 @@ |
| 1116 | 1116 | "iptable_%s", name); |
| 1117 | 1117 | if (t && !IS_ERR(t)) { |
| 1118 | 1118 | struct ipt_getinfo info; |
| 1119 | - struct xt_table_info *private = t->private; | |
| 1119 | + const struct xt_table_info *private = t->private; | |
| 1120 | 1120 | |
| 1121 | 1121 | #ifdef CONFIG_COMPAT |
| 1122 | 1122 | if (compat) { |
| ... | ... | @@ -1172,7 +1172,7 @@ |
| 1172 | 1172 | |
| 1173 | 1173 | t = xt_find_table_lock(net, AF_INET, get.name); |
| 1174 | 1174 | if (t && !IS_ERR(t)) { |
| 1175 | - struct xt_table_info *private = t->private; | |
| 1175 | + const struct xt_table_info *private = t->private; | |
| 1176 | 1176 | duprintf("t->private->number = %u\n", private->number); |
| 1177 | 1177 | if (get.size == private->size) |
| 1178 | 1178 | ret = copy_entries_to_user(private->size, |
| 1179 | 1179 | |
| ... | ... | @@ -1337,11 +1337,11 @@ |
| 1337 | 1337 | struct xt_counters_info tmp; |
| 1338 | 1338 | struct xt_counters *paddc; |
| 1339 | 1339 | unsigned int num_counters; |
| 1340 | - char *name; | |
| 1340 | + const char *name; | |
| 1341 | 1341 | int size; |
| 1342 | 1342 | void *ptmp; |
| 1343 | 1343 | struct xt_table *t; |
| 1344 | - struct xt_table_info *private; | |
| 1344 | + const struct xt_table_info *private; | |
| 1345 | 1345 | int ret = 0; |
| 1346 | 1346 | void *loc_cpu_entry; |
| 1347 | 1347 | #ifdef CONFIG_COMPAT |
| 1348 | 1348 | |
| ... | ... | @@ -1878,11 +1878,11 @@ |
| 1878 | 1878 | void __user *userptr) |
| 1879 | 1879 | { |
| 1880 | 1880 | struct xt_counters *counters; |
| 1881 | - struct xt_table_info *private = table->private; | |
| 1881 | + const struct xt_table_info *private = table->private; | |
| 1882 | 1882 | void __user *pos; |
| 1883 | 1883 | unsigned int size; |
| 1884 | 1884 | int ret = 0; |
| 1885 | - void *loc_cpu_entry; | |
| 1885 | + const void *loc_cpu_entry; | |
| 1886 | 1886 | unsigned int i = 0; |
| 1887 | 1887 | |
| 1888 | 1888 | counters = alloc_counters(table); |
| ... | ... | @@ -1929,7 +1929,7 @@ |
| 1929 | 1929 | xt_compat_lock(AF_INET); |
| 1930 | 1930 | t = xt_find_table_lock(net, AF_INET, get.name); |
| 1931 | 1931 | if (t && !IS_ERR(t)) { |
| 1932 | - struct xt_table_info *private = t->private; | |
| 1932 | + const struct xt_table_info *private = t->private; | |
| 1933 | 1933 | struct xt_table_info info; |
| 1934 | 1934 | duprintf("t->private->number = %u\n", private->number); |
| 1935 | 1935 | ret = compat_table_info(private, &info); |
| ... | ... | @@ -2130,7 +2130,8 @@ |
| 2130 | 2130 | unsigned int protoff, |
| 2131 | 2131 | bool *hotdrop) |
| 2132 | 2132 | { |
| 2133 | - struct icmphdr _icmph, *ic; | |
| 2133 | + const struct icmphdr *ic; | |
| 2134 | + struct icmphdr _icmph; | |
| 2134 | 2135 | const struct ipt_icmp *icmpinfo = matchinfo; |
| 2135 | 2136 | |
| 2136 | 2137 | /* Must not be a fragment. */ |
net/ipv6/netfilter/ip6_tables.c
| ... | ... | @@ -325,7 +325,7 @@ |
| 325 | 325 | struct ip6t_entry *e) |
| 326 | 326 | { |
| 327 | 327 | void *table_base; |
| 328 | - struct ip6t_entry *root; | |
| 328 | + const struct ip6t_entry *root; | |
| 329 | 329 | char *hookname, *chainname, *comment; |
| 330 | 330 | unsigned int rulenum = 0; |
| 331 | 331 | |
| ... | ... | @@ -952,7 +952,7 @@ |
| 952 | 952 | { |
| 953 | 953 | unsigned int countersize; |
| 954 | 954 | struct xt_counters *counters; |
| 955 | - struct xt_table_info *private = table->private; | |
| 955 | + const struct xt_table_info *private = table->private; | |
| 956 | 956 | |
| 957 | 957 | /* We need atomic snapshot of counters: rest doesn't change |
| 958 | 958 | (other than comefrom, which userspace doesn't care |
| 959 | 959 | |
| ... | ... | @@ -979,9 +979,9 @@ |
| 979 | 979 | unsigned int off, num; |
| 980 | 980 | struct ip6t_entry *e; |
| 981 | 981 | struct xt_counters *counters; |
| 982 | - struct xt_table_info *private = table->private; | |
| 982 | + const struct xt_table_info *private = table->private; | |
| 983 | 983 | int ret = 0; |
| 984 | - void *loc_cpu_entry; | |
| 984 | + const void *loc_cpu_entry; | |
| 985 | 985 | |
| 986 | 986 | counters = alloc_counters(table); |
| 987 | 987 | if (IS_ERR(counters)) |
| ... | ... | @@ -1001,8 +1001,8 @@ |
| 1001 | 1001 | /* ... then go back and fix counters and names */ |
| 1002 | 1002 | for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ |
| 1003 | 1003 | unsigned int i; |
| 1004 | - struct ip6t_entry_match *m; | |
| 1005 | - struct ip6t_entry_target *t; | |
| 1004 | + const struct ip6t_entry_match *m; | |
| 1005 | + const struct ip6t_entry_target *t; | |
| 1006 | 1006 | |
| 1007 | 1007 | e = (struct ip6t_entry *)(loc_cpu_entry + off); |
| 1008 | 1008 | if (copy_to_user(userptr + off |
| ... | ... | @@ -1142,7 +1142,7 @@ |
| 1142 | 1142 | "ip6table_%s", name); |
| 1143 | 1143 | if (t && !IS_ERR(t)) { |
| 1144 | 1144 | struct ip6t_getinfo info; |
| 1145 | - struct xt_table_info *private = t->private; | |
| 1145 | + const struct xt_table_info *private = t->private; | |
| 1146 | 1146 | |
| 1147 | 1147 | #ifdef CONFIG_COMPAT |
| 1148 | 1148 | if (compat) { |
| ... | ... | @@ -1225,7 +1225,7 @@ |
| 1225 | 1225 | struct xt_table *t; |
| 1226 | 1226 | struct xt_table_info *oldinfo; |
| 1227 | 1227 | struct xt_counters *counters; |
| 1228 | - void *loc_cpu_old_entry; | |
| 1228 | + const void *loc_cpu_old_entry; | |
| 1229 | 1229 | |
| 1230 | 1230 | ret = 0; |
| 1231 | 1231 | counters = vmalloc_node(num_counters * sizeof(struct xt_counters), |
| 1232 | 1232 | |
| ... | ... | @@ -1369,9 +1369,9 @@ |
| 1369 | 1369 | int size; |
| 1370 | 1370 | void *ptmp; |
| 1371 | 1371 | struct xt_table *t; |
| 1372 | - struct xt_table_info *private; | |
| 1372 | + const struct xt_table_info *private; | |
| 1373 | 1373 | int ret = 0; |
| 1374 | - void *loc_cpu_entry; | |
| 1374 | + const void *loc_cpu_entry; | |
| 1375 | 1375 | #ifdef CONFIG_COMPAT |
| 1376 | 1376 | struct compat_xt_counters_info compat_tmp; |
| 1377 | 1377 | |
| 1378 | 1378 | |
| ... | ... | @@ -1905,11 +1905,11 @@ |
| 1905 | 1905 | void __user *userptr) |
| 1906 | 1906 | { |
| 1907 | 1907 | struct xt_counters *counters; |
| 1908 | - struct xt_table_info *private = table->private; | |
| 1908 | + const struct xt_table_info *private = table->private; | |
| 1909 | 1909 | void __user *pos; |
| 1910 | 1910 | unsigned int size; |
| 1911 | 1911 | int ret = 0; |
| 1912 | - void *loc_cpu_entry; | |
| 1912 | + const void *loc_cpu_entry; | |
| 1913 | 1913 | unsigned int i = 0; |
| 1914 | 1914 | |
| 1915 | 1915 | counters = alloc_counters(table); |
| ... | ... | @@ -1956,7 +1956,7 @@ |
| 1956 | 1956 | xt_compat_lock(AF_INET6); |
| 1957 | 1957 | t = xt_find_table_lock(net, AF_INET6, get.name); |
| 1958 | 1958 | if (t && !IS_ERR(t)) { |
| 1959 | - struct xt_table_info *private = t->private; | |
| 1959 | + const struct xt_table_info *private = t->private; | |
| 1960 | 1960 | struct xt_table_info info; |
| 1961 | 1961 | duprintf("t->private->number = %u\n", private->number); |
| 1962 | 1962 | ret = compat_table_info(private, &info); |
| ... | ... | @@ -2155,7 +2155,8 @@ |
| 2155 | 2155 | unsigned int protoff, |
| 2156 | 2156 | bool *hotdrop) |
| 2157 | 2157 | { |
| 2158 | - struct icmp6hdr _icmph, *ic; | |
| 2158 | + const struct icmp6hdr *ic; | |
| 2159 | + struct icmp6hdr _icmph; | |
| 2159 | 2160 | const struct ip6t_icmp *icmpinfo = matchinfo; |
| 2160 | 2161 | |
| 2161 | 2162 | /* Must not be a fragment. */ |
net/netfilter/x_tables.c
| ... | ... | @@ -58,7 +58,7 @@ |
| 58 | 58 | #define duprintf(format, args...) |
| 59 | 59 | #endif |
| 60 | 60 | |
| 61 | -static const char *xt_prefix[NPROTO] = { | |
| 61 | +static const char *const xt_prefix[NPROTO] = { | |
| 62 | 62 | [AF_INET] = "ip", |
| 63 | 63 | [AF_INET6] = "ip6", |
| 64 | 64 | [NF_ARP] = "arp", |
| ... | ... | @@ -248,7 +248,7 @@ |
| 248 | 248 | |
| 249 | 249 | static int match_revfn(int af, const char *name, u8 revision, int *bestp) |
| 250 | 250 | { |
| 251 | - struct xt_match *m; | |
| 251 | + const struct xt_match *m; | |
| 252 | 252 | int have_rev = 0; |
| 253 | 253 | |
| 254 | 254 | list_for_each_entry(m, &xt[af].match, list) { |
| ... | ... | @@ -264,7 +264,7 @@ |
| 264 | 264 | |
| 265 | 265 | static int target_revfn(int af, const char *name, u8 revision, int *bestp) |
| 266 | 266 | { |
| 267 | - struct xt_target *t; | |
| 267 | + const struct xt_target *t; | |
| 268 | 268 | int have_rev = 0; |
| 269 | 269 | |
| 270 | 270 | list_for_each_entry(t, &xt[af].target, list) { |
| ... | ... | @@ -385,7 +385,7 @@ |
| 385 | 385 | } |
| 386 | 386 | EXPORT_SYMBOL_GPL(xt_compat_calc_jump); |
| 387 | 387 | |
| 388 | -int xt_compat_match_offset(struct xt_match *match) | |
| 388 | +int xt_compat_match_offset(const struct xt_match *match) | |
| 389 | 389 | { |
| 390 | 390 | u_int16_t csize = match->compatsize ? : match->matchsize; |
| 391 | 391 | return XT_ALIGN(match->matchsize) - COMPAT_XT_ALIGN(csize); |
| ... | ... | @@ -395,7 +395,7 @@ |
| 395 | 395 | int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, |
| 396 | 396 | unsigned int *size) |
| 397 | 397 | { |
| 398 | - struct xt_match *match = m->u.kernel.match; | |
| 398 | + const struct xt_match *match = m->u.kernel.match; | |
| 399 | 399 | struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m; |
| 400 | 400 | int pad, off = xt_compat_match_offset(match); |
| 401 | 401 | u_int16_t msize = cm->u.user.match_size; |
| ... | ... | @@ -422,7 +422,7 @@ |
| 422 | 422 | int xt_compat_match_to_user(struct xt_entry_match *m, void __user **dstptr, |
| 423 | 423 | unsigned int *size) |
| 424 | 424 | { |
| 425 | - struct xt_match *match = m->u.kernel.match; | |
| 425 | + const struct xt_match *match = m->u.kernel.match; | |
| 426 | 426 | struct compat_xt_entry_match __user *cm = *dstptr; |
| 427 | 427 | int off = xt_compat_match_offset(match); |
| 428 | 428 | u_int16_t msize = m->u.user.match_size - off; |
| ... | ... | @@ -479,7 +479,7 @@ |
| 479 | 479 | EXPORT_SYMBOL_GPL(xt_check_target); |
| 480 | 480 | |
| 481 | 481 | #ifdef CONFIG_COMPAT |
| 482 | -int xt_compat_target_offset(struct xt_target *target) | |
| 482 | +int xt_compat_target_offset(const struct xt_target *target) | |
| 483 | 483 | { |
| 484 | 484 | u_int16_t csize = target->compatsize ? : target->targetsize; |
| 485 | 485 | return XT_ALIGN(target->targetsize) - COMPAT_XT_ALIGN(csize); |
| ... | ... | @@ -489,7 +489,7 @@ |
| 489 | 489 | void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, |
| 490 | 490 | unsigned int *size) |
| 491 | 491 | { |
| 492 | - struct xt_target *target = t->u.kernel.target; | |
| 492 | + const struct xt_target *target = t->u.kernel.target; | |
| 493 | 493 | struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t; |
| 494 | 494 | int pad, off = xt_compat_target_offset(target); |
| 495 | 495 | u_int16_t tsize = ct->u.user.target_size; |
| ... | ... | @@ -515,7 +515,7 @@ |
| 515 | 515 | int xt_compat_target_to_user(struct xt_entry_target *t, void __user **dstptr, |
| 516 | 516 | unsigned int *size) |
| 517 | 517 | { |
| 518 | - struct xt_target *target = t->u.kernel.target; | |
| 518 | + const struct xt_target *target = t->u.kernel.target; | |
| 519 | 519 | struct compat_xt_entry_target __user *ct = *dstptr; |
| 520 | 520 | int off = xt_compat_target_offset(target); |
| 521 | 521 | u_int16_t tsize = t->u.user.target_size - off; |