Merge git://git.linux-nfs.org/pub/linux/nfs-2.6

[linux-2.6] / net / netfilter / xt_hashlimit.c

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index a1b5996447dd5a09716cd0e3b8d8028ebb0bee4d..2ef44d8560c154d944ea66e28e6505bc77c6222e 100644 (file)
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -21,6 +21,7 @@
 #include <linux/in.h>
 #include <linux/ip.h>
 #include <linux/ipv6.h>
+#include <net/net_namespace.h>
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
@@ -95,7 +96,7 @@ static HLIST_HEAD(hashlimit_htables);
 static struct kmem_cache *hashlimit_cachep __read_mostly;
 
 static inline bool dst_cmp(const struct dsthash_ent *ent,
-                          struct dsthash_dst *b)
+                          const struct dsthash_dst *b)
 {
        return !memcmp(&ent->dst, b, sizeof(ent->dst));
 }
@@ -107,7 +108,8 @@ hash_dst(const struct xt_hashlimit_htable *ht, const struct dsthash_dst *dst)
 }
 
 static struct dsthash_ent *
-dsthash_find(const struct xt_hashlimit_htable *ht, struct dsthash_dst *dst)
+dsthash_find(const struct xt_hashlimit_htable *ht,
+            const struct dsthash_dst *dst)
 {
        struct dsthash_ent *ent;
        struct hlist_node *pos;
@@ -123,7 +125,8 @@ dsthash_find(const struct xt_hashlimit_htable *ht, struct dsthash_dst *dst)
 
 /* allocate dsthash_ent, initialize dst, put in htable and lock it */
 static struct dsthash_ent *
-dsthash_alloc_init(struct xt_hashlimit_htable *ht, struct dsthash_dst *dst)
+dsthash_alloc_init(struct xt_hashlimit_htable *ht,
+                  const struct dsthash_dst *dst)
 {
        struct dsthash_ent *ent;
 
@@ -228,19 +231,21 @@ static int htable_create(struct xt_hashlimit_info *minfo, int family)
        return 0;
 }
 
-static bool select_all(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
+static bool select_all(const struct xt_hashlimit_htable *ht,
+                      const struct dsthash_ent *he)
 {
        return 1;
 }
 
-static bool select_gc(struct xt_hashlimit_htable *ht, struct dsthash_ent *he)
+static bool select_gc(const struct xt_hashlimit_htable *ht,
+                     const struct dsthash_ent *he)
 {
-       return (jiffies >= he->expires);
+       return time_after_eq(jiffies, he->expires);
 }
 
 static void htable_selective_cleanup(struct xt_hashlimit_htable *ht,
-                               bool (*select)(struct xt_hashlimit_htable *ht,
-                                             struct dsthash_ent *he))
+                       bool (*select)(const struct xt_hashlimit_htable *ht,
+                                     const struct dsthash_ent *he))
 {
        unsigned int i;
 
@@ -283,7 +288,8 @@ static void htable_destroy(struct xt_hashlimit_htable *hinfo)
        vfree(hinfo);
 }
 
-static struct xt_hashlimit_htable *htable_find_get(char *name, int family)
+static struct xt_hashlimit_htable *htable_find_get(const char *name,
+                                                  int family)
 {
        struct xt_hashlimit_htable *hinfo;
        struct hlist_node *pos;
@@ -368,7 +374,8 @@ static inline void rateinfo_recalc(struct dsthash_ent *dh, unsigned long now)
 }
 
 static int
-hashlimit_init_dst(struct xt_hashlimit_htable *hinfo, struct dsthash_dst *dst,
+hashlimit_init_dst(const struct xt_hashlimit_htable *hinfo,
+                  struct dsthash_dst *dst,
                   const struct sk_buff *skb, unsigned int protoff)
 {
        __be16 _ports[2], *ports;
@@ -443,8 +450,8 @@ hashlimit_match(const struct sk_buff *skb,
                unsigned int protoff,
                bool *hotdrop)
 {
-       struct xt_hashlimit_info *r =
-               ((struct xt_hashlimit_info *)matchinfo)->u.master;
+       const struct xt_hashlimit_info *r =
+               ((const struct xt_hashlimit_info *)matchinfo)->u.master;
        struct xt_hashlimit_htable *hinfo = r->hinfo;
        unsigned long now = jiffies;
        struct dsthash_ent *dh;
@@ -543,7 +550,7 @@ hashlimit_checkentry(const char *tablename,
 static void
 hashlimit_destroy(const struct xt_match *match, void *matchinfo)
 {
-       struct xt_hashlimit_info *r = matchinfo;
+       const struct xt_hashlimit_info *r = matchinfo;
 
        htable_put(r->hinfo);
 }
@@ -572,7 +579,7 @@ static int compat_to_user(void __user *dst, void *src)
 }
 #endif
 
-static struct xt_match xt_hashlimit[] = {
+static struct xt_match xt_hashlimit[] __read_mostly = {
        {
                .name           = "hashlimit",
                .family         = AF_INET,
@@ -695,7 +702,7 @@ static int dl_seq_show(struct seq_file *s, void *v)
        return 0;
 }
 
-static struct seq_operations dl_seq_ops = {
+static const struct seq_operations dl_seq_ops = {
        .start = dl_seq_start,
        .next  = dl_seq_next,
        .stop  = dl_seq_stop,
@@ -732,18 +739,18 @@ static int __init xt_hashlimit_init(void)
        err = -ENOMEM;
        hashlimit_cachep = kmem_cache_create("xt_hashlimit",
                                            sizeof(struct dsthash_ent), 0, 0,
-                                           NULL, NULL);
+                                           NULL);
        if (!hashlimit_cachep) {
                printk(KERN_ERR "xt_hashlimit: unable to create slab cache\n");
                goto err2;
        }
-       hashlimit_procdir4 = proc_mkdir("ipt_hashlimit", proc_net);
+       hashlimit_procdir4 = proc_mkdir("ipt_hashlimit", init_net.proc_net);
        if (!hashlimit_procdir4) {
                printk(KERN_ERR "xt_hashlimit: unable to create proc dir "
                                "entry\n");
                goto err3;
        }
-       hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", proc_net);
+       hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net);
        if (!hashlimit_procdir6) {
                printk(KERN_ERR "xt_hashlimit: unable to create proc dir "
                                "entry\n");
@@ -751,7 +758,7 @@ static int __init xt_hashlimit_init(void)
        }
        return 0;
 err4:
-       remove_proc_entry("ipt_hashlimit", proc_net);
+       remove_proc_entry("ipt_hashlimit", init_net.proc_net);
 err3:
        kmem_cache_destroy(hashlimit_cachep);
 err2:
@@ -763,8 +770,8 @@ err1:
 
 static void __exit xt_hashlimit_fini(void)
 {
-       remove_proc_entry("ipt_hashlimit", proc_net);
-       remove_proc_entry("ip6t_hashlimit", proc_net);
+       remove_proc_entry("ipt_hashlimit", init_net.proc_net);
+       remove_proc_entry("ip6t_hashlimit", init_net.proc_net);
        kmem_cache_destroy(hashlimit_cachep);
        xt_unregister_matches(xt_hashlimit, ARRAY_SIZE(xt_hashlimit));
 }