[NETFILTER]: NAT annotations
authorAl Viro <viro@zeniv.linux.org.uk>
Thu, 28 Sep 2006 21:22:02 +0000 (14:22 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 29 Sep 2006 01:03:01 +0000 (18:03 -0700)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
12 files changed:
include/linux/netfilter_ipv4/ip_nat.h
net/ipv4/netfilter/ip_nat_core.c
net/ipv4/netfilter/ip_nat_ftp.c
net/ipv4/netfilter/ip_nat_helper.c
net/ipv4/netfilter/ip_nat_helper_pptp.c
net/ipv4/netfilter/ip_nat_proto_icmp.c
net/ipv4/netfilter/ip_nat_proto_tcp.c
net/ipv4/netfilter/ip_nat_proto_udp.c
net/ipv4/netfilter/ip_nat_rule.c
net/ipv4/netfilter/ip_nat_sip.c
net/ipv4/netfilter/ip_nat_snmp_basic.c
net/ipv4/netfilter/ip_nat_standalone.c

index 98f8407e4cb5011f0d343f241cc4b4741e56962b..bdf553620ca188ddbc53695d14d0389dd386d716 100644 (file)
@@ -33,7 +33,7 @@ struct ip_nat_range
        unsigned int flags;
 
        /* Inclusive: network order. */
-       u_int32_t min_ip, max_ip;
+       __be32 min_ip, max_ip;
 
        /* Inclusive: network order */
        union ip_conntrack_manip_proto min, max;
index 71f3e09cbc84b456f5488d9f7a49b1ba7a7fa819..4b6260a974085f754278d3a727f76f821ac92b7a 100644 (file)
@@ -82,7 +82,7 @@ static inline unsigned int
 hash_by_src(const struct ip_conntrack_tuple *tuple)
 {
        /* Original src, to ensure we map it consistently if poss. */
-       return jhash_3words(tuple->src.ip, tuple->src.u.all,
+       return jhash_3words((__force u32)tuple->src.ip, tuple->src.u.all,
                            tuple->dst.protonum, 0) % ip_nat_htable_size;
 }
 
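Review bot: The initval passed to `jhash_3words()` in `hash_by_src()` is the constant `0`, so the bucket index is a fixed, publicly computable function of the source address, source port/id and protocol number, all of which come from the packet. With an unkeyed hash a sender can bias how entries spread over the by-source table, and lookups on the affected chains degrade to long list walks. Consider passing a seed that is filled once at initialisation with `get_random_bytes()` in place of the literal `0`, i.e. `tuple->dst.protonum, seed) % ip_nat_htable_size;`, where `seed` is a placeholder name for a new file-scope `u32`. The `(__force u32)` cast itself is fine, since only the bit pattern matters for hashing.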
@@ -190,7 +190,7 @@ find_best_ips_proto(struct ip_conntrack_tuple *tuple,
                    const struct ip_conntrack *conntrack,
                    enum ip_nat_manip_type maniptype)
 {
-       u_int32_t *var_ipp;
+       __be32 *var_ipp;
        /* Host order */
        u_int32_t minip, maxip, j;
 
@@ -217,7 +217,7 @@ find_best_ips_proto(struct ip_conntrack_tuple *tuple,
         * like this), even across reboots. */
        minip = ntohl(range->min_ip);
        maxip = ntohl(range->max_ip);
-       j = jhash_2words(tuple->src.ip, tuple->dst.ip, 0);
+       j = jhash_2words((__force u32)tuple->src.ip, (__force u32)tuple->dst.ip, 0);
        *var_ipp = htonl(minip + j % (maxip - minip + 1));
 }
 
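Review bot: The divisor in `j % (maxip - minip + 1)` is computed in 32-bit unsigned arithmetic and becomes 0 when the range covers the whole address space (`minip == 0`, `maxip == 0xFFFFFFFF`), which would be a division by zero in kernel context. A range with `max_ip` below `min_ip` also wraps and yields an address outside the intended range. Whether the range is validated before it reaches `find_best_ips_proto()` is not visible here, since the function starts outside this hunk. If it is not, a local guard would do, for example `u_int32_t span = maxip - minip + 1;` followed by `*var_ipp = htonl(minip + (span ? j % span : j));`.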
@@ -534,9 +534,9 @@ int
 ip_nat_port_range_to_nfattr(struct sk_buff *skb, 
                            const struct ip_nat_range *range)
 {
-       NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(u_int16_t),
+       NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(__be16),
                &range->min.tcp.port);
-       NFA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(u_int16_t),
+       NFA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(__be16),
                &range->max.tcp.port);
 
        return 0;
@@ -555,7 +555,7 @@ ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range)
        if (tb[CTA_PROTONAT_PORT_MIN-1]) {
                ret = 1;
                range->min.tcp.port = 
-                       *(u_int16_t *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]);
+                       *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]);
        }
        
        if (!tb[CTA_PROTONAT_PORT_MAX-1]) {
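Review bot: `*(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1])` reads two bytes from a netlink attribute supplied by userspace, and nothing in this hunk shows that the attribute payload is at least `sizeof(__be16)` long. The same applies to the `CTA_PROTONAT_PORT_MAX` dereference in the next hunk. If the caller does not already enforce minimum attribute sizes (not visible here, as the function starts and ends outside these hunks), add a check such as `NFA_PAYLOAD(tb[CTA_PROTONAT_PORT_MIN-1]) < sizeof(__be16)` before each dereference and reject the request when it is true. Now that the type is annotated, a short comment that the attribute carries the port in network byte order would also help.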
@@ -564,7 +564,7 @@ ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range)
        } else {
                ret = 1;
                range->max.tcp.port = 
-                       *(u_int16_t *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]);
+                       *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]);
        }
 
        return ret;
index 3328fc5c5f500e381daa205f111e9319b686b71f..a71c233d8112b9cb9888ab3e3cff4d71ed9061a3 100644 (file)
@@ -34,7 +34,7 @@ MODULE_DESCRIPTION("ftp NAT helper");
 
 static int
 mangle_rfc959_packet(struct sk_buff **pskb,
-                    u_int32_t newip,
+                    __be32 newip,
                     u_int16_t port,
                     unsigned int matchoff,
                     unsigned int matchlen,
@@ -57,7 +57,7 @@ mangle_rfc959_packet(struct sk_buff **pskb,
 /* |1|132.235.1.2|6275| */
 static int
 mangle_eprt_packet(struct sk_buff **pskb,
-                  u_int32_t newip,
+                  __be32 newip,
                   u_int16_t port,
                   unsigned int matchoff,
                   unsigned int matchlen,
@@ -79,7 +79,7 @@ mangle_eprt_packet(struct sk_buff **pskb,
 /* |1|132.235.1.2|6275| */
 static int
 mangle_epsv_packet(struct sk_buff **pskb,
-                  u_int32_t newip,
+                  __be32 newip,
                   u_int16_t port,
                   unsigned int matchoff,
                   unsigned int matchlen,
@@ -98,7 +98,7 @@ mangle_epsv_packet(struct sk_buff **pskb,
                                        matchlen, buffer, strlen(buffer));
 }
 
-static int (*mangle[])(struct sk_buff **, u_int32_t, u_int16_t,
+static int (*mangle[])(struct sk_buff **, __be32, u_int16_t,
                     unsigned int,
                     unsigned int,
                     struct ip_conntrack *,
@@ -120,7 +120,7 @@ static unsigned int ip_nat_ftp(struct sk_buff **pskb,
                               struct ip_conntrack_expect *exp,
                               u32 *seq)
 {
-       u_int32_t newip;
+       __be32 newip;
        u_int16_t port;
        int dir = CTINFO2DIR(ctinfo);
        struct ip_conntrack *ct = exp->master;
index e9c5187ea5b21ac03285dce9b0eb2d21112f2154..3bf858480558fe26b4c93ef515ebcd9721340e65 100644 (file)
@@ -189,7 +189,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
                                                        datalen, 0));
        } else
                tcph->check = nf_proto_csum_update(*pskb,
-                                                  htons(oldlen) ^ 0xFFFF,
+                                                  htons(oldlen) ^ htons(0xFFFF),
                                                   htons(datalen),
                                                   tcph->check, 1);
 
@@ -267,7 +267,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
                        udph->check = -1;
        } else
                udph->check = nf_proto_csum_update(*pskb,
-                                                  htons(oldlen) ^ 0xFFFF,
+                                                  htons(oldlen) ^ htons(0xFFFF),
                                                   htons(datalen),
                                                   udph->check, 1);
        return 1;
@@ -284,26 +284,24 @@ sack_adjust(struct sk_buff *skb,
 {
        while (sackoff < sackend) {
                struct tcp_sack_block_wire *sack;
-               u_int32_t new_start_seq, new_end_seq;
+               __be32 new_start_seq, new_end_seq;
 
                sack = (void *)skb->data + sackoff;
                if (after(ntohl(sack->start_seq) - natseq->offset_before,
                          natseq->correction_pos))
-                       new_start_seq = ntohl(sack->start_seq) 
-                                       - natseq->offset_after;
+                       new_start_seq = htonl(ntohl(sack->start_seq)
+                                       - natseq->offset_after);
                else
-                       new_start_seq = ntohl(sack->start_seq) 
-                                       - natseq->offset_before;
-               new_start_seq = htonl(new_start_seq);
+                       new_start_seq = htonl(ntohl(sack->start_seq)
+                                       - natseq->offset_before);
 
                if (after(ntohl(sack->end_seq) - natseq->offset_before,
                          natseq->correction_pos))
-                       new_end_seq = ntohl(sack->end_seq)
-                                     - natseq->offset_after;
+                       new_end_seq = htonl(ntohl(sack->end_seq)
+                                     - natseq->offset_after);
                else
-                       new_end_seq = ntohl(sack->end_seq)
-                                     - natseq->offset_before;
-               new_end_seq = htonl(new_end_seq);
+                       new_end_seq = htonl(ntohl(sack->end_seq)
+                                     - natseq->offset_before);
 
                DEBUGP("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n",
                        ntohl(sack->start_seq), new_start_seq,
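Review bot: The `DEBUGP` call at the end of this hunk prints `new_start_seq` raw next to `ntohl(sack->start_seq)`, so each "old->new" pair in the log mixes host and network byte order. Now that `new_start_seq` and `new_end_seq` are declared `__be32`, the mismatch is explicit, and the debug line would be easier to trust as `ntohl(sack->start_seq), ntohl(new_start_seq),` (likewise for the end sequence, which is on lines outside this hunk). Sequence numbers are unsigned 32-bit values, so `%u` would be a better conversion than `%d` in the format string. The `DEBUGP` statement and the rest of `sack_adjust()` continue past the hunk.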
@@ -375,7 +373,8 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
                  enum ip_conntrack_info ctinfo)
 {
        struct tcphdr *tcph;
-       int dir, newseq, newack;
+       int dir;
+       __be32 newseq, newack;
        struct ip_nat_seq *this_way, *other_way;        
 
        dir = CTINFO2DIR(ctinfo);
@@ -388,17 +387,15 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
 
        tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
        if (after(ntohl(tcph->seq), this_way->correction_pos))
-               newseq = ntohl(tcph->seq) + this_way->offset_after;
+               newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
        else
-               newseq = ntohl(tcph->seq) + this_way->offset_before;
-       newseq = htonl(newseq);
+               newseq = htonl(ntohl(tcph->seq) + this_way->offset_before);
 
        if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
                  other_way->correction_pos))
-               newack = ntohl(tcph->ack_seq) - other_way->offset_after;
+               newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after);
        else
-               newack = ntohl(tcph->ack_seq) - other_way->offset_before;
-       newack = htonl(newack);
+               newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
 
        tcph->check = nf_proto_csum_update(*pskb, ~tcph->seq, newseq,
                                           tcph->check, 0);
index 2ff5788071237fa968a74dd1d45c7da512472d1e..329fdcd7d7029aa9724930e94416b2431ff1e669 100644 (file)
@@ -51,7 +51,7 @@
 
 #define IP_NAT_PPTP_VERSION "3.0"
 
-#define REQ_CID(req, off)              (*(u_int16_t *)((char *)(req) + (off)))
+#define REQ_CID(req, off)              (*(__be16 *)((char *)(req) + (off)))
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
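Review bot: `REQ_CID(req, off)` dereferences a `__be16` at an arbitrary byte offset from `req`, so both the alignment of the access and whether it stays inside the received PPTP message depend entirely on the `off` each caller passes. None of the callers are visible in this hunk. If any offset can be odd, or is not derived from a field of a structure whose length has already been checked against the packet, the access should go through `get_unaligned()` and be preceded by a length check. At minimum a comment on the macro should say that `off` must be a validated, 2-byte-aligned offset and that the value it yields is in network byte order.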
index ec50cc295317feac7527e22ba21c5d1972492265..3f6efc13ac74e7a20f9a9ecd9bbd9a1d99e5a2c7 100644 (file)
@@ -67,7 +67,7 @@ icmp_manip_pkt(struct sk_buff **pskb,
 
        hdr = (struct icmphdr *)((*pskb)->data + hdroff);
        hdr->checksum = nf_proto_csum_update(*pskb,
-                                            hdr->un.echo.id ^ 0xFFFF,
+                                            hdr->un.echo.id ^ htons(0xFFFF),
                                             tuple->src.u.icmp.id,
                                             hdr->checksum, 0);
        hdr->un.echo.id = tuple->src.u.icmp.id;
index 72a6307bd2db90dde126cabb647cf738b1b1bf0b..12deb13b93b12aee127377cf316c729cd100f8d8 100644 (file)
@@ -24,7 +24,7 @@ tcp_in_range(const struct ip_conntrack_tuple *tuple,
             const union ip_conntrack_manip_proto *min,
             const union ip_conntrack_manip_proto *max)
 {
-       u_int16_t port;
+       __be16 port;
 
        if (maniptype == IP_NAT_MANIP_SRC)
                port = tuple->src.u.tcp.port;
@@ -42,7 +42,7 @@ tcp_unique_tuple(struct ip_conntrack_tuple *tuple,
                 const struct ip_conntrack *conntrack)
 {
        static u_int16_t port;
-       u_int16_t *portptr;
+       __be16 *portptr;
        unsigned int range_size, min, i;
 
        if (maniptype == IP_NAT_MANIP_SRC)
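Review bot: The `static u_int16_t port;` declared just above the retyped `portptr` stays unannotated, and nothing here tells the reader whether that is deliberate. If it is a host-order counter (its use is outside this hunk, so this is an assumption), it should say so in the way `find_best_ips_proto()` does for its locals, e.g. `/* Host order */` on the line above `static u_int16_t port;`. The same applies to the identical declaration in `udp_unique_tuple()` in the corresponding hunk of the UDP protocol file. Without the comment the next sparse cleanup is likely to "fix" it to `__be16` by mistake.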
@@ -93,8 +93,8 @@ tcp_manip_pkt(struct sk_buff **pskb,
        struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
        struct tcphdr *hdr;
        unsigned int hdroff = iphdroff + iph->ihl*4;
-       u32 oldip, newip;
-       u16 *portptr, newport, oldport;
+       __be32 oldip, newip;
+       __be16 *portptr, newport, oldport;
        int hdrsize = 8; /* TCP connection tracking guarantees this much */
 
        /* this could be a inner header returned in icmp packet; in such
@@ -130,7 +130,7 @@ tcp_manip_pkt(struct sk_buff **pskb,
                return 1;
 
        hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip, hdr->check, 1);
-       hdr->check = nf_proto_csum_update(*pskb, oldport ^ 0xFFFF, newport,
+       hdr->check = nf_proto_csum_update(*pskb, oldport ^ htons(0xFFFF), newport,
                                          hdr->check, 0);
        return 1;
 }
index 5da196ae758cf07e6cb09b8ef2629789ec0c8bb0..4bbec7730d18b3fbbec444aee353bf0b07dc41dd 100644 (file)
@@ -24,7 +24,7 @@ udp_in_range(const struct ip_conntrack_tuple *tuple,
             const union ip_conntrack_manip_proto *min,
             const union ip_conntrack_manip_proto *max)
 {
-       u_int16_t port;
+       __be16 port;
 
        if (maniptype == IP_NAT_MANIP_SRC)
                port = tuple->src.u.udp.port;
@@ -42,7 +42,7 @@ udp_unique_tuple(struct ip_conntrack_tuple *tuple,
                 const struct ip_conntrack *conntrack)
 {
        static u_int16_t port;
-       u_int16_t *portptr;
+       __be16 *portptr;
        unsigned int range_size, min, i;
 
        if (maniptype == IP_NAT_MANIP_SRC)
@@ -91,8 +91,8 @@ udp_manip_pkt(struct sk_buff **pskb,
        struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
        struct udphdr *hdr;
        unsigned int hdroff = iphdroff + iph->ihl*4;
-       u32 oldip, newip;
-       u16 *portptr, newport;
+       __be32 oldip, newip;
+       __be16 *portptr, newport;
 
        if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
                return 0;
@@ -118,7 +118,7 @@ udp_manip_pkt(struct sk_buff **pskb,
                hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip,
                                                  hdr->check, 1);
                hdr->check = nf_proto_csum_update(*pskb,
-                                                 *portptr ^ 0xFFFF, newport,
+                                                 *portptr ^ htons(0xFFFF), newport,
                                                  hdr->check, 0);
                if (!hdr->check)
                        hdr->check = -1;
index 7b703839aa58ca78d4b2a73d40f2516198d714b1..a176aa3031e0f37557d100975e6e9ba92f0df4f0 100644 (file)
@@ -119,7 +119,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
 }
 
 /* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
-static void warn_if_extra_mangle(u32 dstip, u32 srcip)
+static void warn_if_extra_mangle(__be32 dstip, __be32 srcip)
 {
        static int warned = 0;
        struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };
@@ -205,7 +205,7 @@ alloc_null_binding(struct ip_conntrack *conntrack,
           per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
           Use reply in case it's already been mangled (eg local packet).
        */
-       u_int32_t ip
+       __be32 ip
                = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
                   ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
                   : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
@@ -222,7 +222,7 @@ alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
                              struct ip_nat_info *info,
                              unsigned int hooknum)
 {
-       u_int32_t ip
+       __be32 ip
                = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
                   ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
                   : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
index 6ffba63adca230e17ed1345838e49240879a857a..71fc2730a007d5ccdd9f4069c763d4b8bb8f748c 100644 (file)
@@ -60,8 +60,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
        char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
        unsigned int bufflen, dataoff;
-       u_int32_t ip;
-       u_int16_t port;
+       __be32 ip;
+       __be16 port;
 
        dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
 
@@ -159,7 +159,7 @@ static int mangle_content_len(struct sk_buff **pskb,
 static unsigned int mangle_sdp(struct sk_buff **pskb,
                               enum ip_conntrack_info ctinfo,
                               struct ip_conntrack *ct,
-                              u_int32_t newip, u_int16_t port,
+                              __be32 newip, u_int16_t port,
                               const char *dptr)
 {
        char buffer[sizeof("nnn.nnn.nnn.nnn")];
@@ -195,7 +195,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
 {
        struct ip_conntrack *ct = exp->master;
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-       u_int32_t newip;
+       __be32 newip;
        u_int16_t port;
 
        DEBUGP("ip_nat_sdp():\n");
index 18b7fbdccb6126684f67478fa6a7ba1580445b23..168f45fa1898d2ce1094ed2782916e2b67d88c50 100644 (file)
@@ -1211,7 +1211,7 @@ static int snmp_translate(struct ip_conntrack *ct,
                           struct sk_buff **pskb)
 {
        struct iphdr *iph = (*pskb)->nh.iph;
-       struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
+       struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
        u_int16_t udplen = ntohs(udph->len);
        u_int16_t paylen = udplen - sizeof(struct udphdr);
        int dir = CTINFO2DIR(ctinfo);
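Review bot: `paylen = udplen - sizeof(struct udphdr)` takes `udplen` straight from the packet's UDP length field, so a datagram advertising a length below 8 makes the 16-bit `paylen` wrap to a large value. Nothing in this hunk compares `udplen` with the data actually present in the skb either. If the caller of `snmp_translate()` does not already validate `udph->len` (not visible here; the function body continues outside the hunk), the packet should be rejected when `udplen < sizeof(struct udphdr)` or when `udplen` exceeds the bytes remaining after the IP header, before `paylen` is used for parsing. Separately, the `(__be32 *)iph + iph->ihl` cast only steps the pointer in 4-byte units, and a comment saying so would avoid implying that the IP header is an array of big-endian words.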
index 9c577db62047a7255c4ebed0c317050319290865..021395b674639b19f65975732239321a2fd34750 100644 (file)
@@ -191,7 +191,7 @@ ip_nat_in(unsigned int hooknum,
           int (*okfn)(struct sk_buff *))
 {
        unsigned int ret;
-       u_int32_t daddr = (*pskb)->nh.iph->daddr;
+       __be32 daddr = (*pskb)->nh.iph->daddr;
 
        ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
        if (ret != NF_DROP && ret != NF_STOLEN