[NETFILTER]: ipt annotations

[pandora-kernel.git] / net / ipv4 / netfilter / ipt_hashlimit.c

diff --git a/net/ipv4/netfilter/ipt_hashlimit.c b/net/ipv4/netfilter/ipt_hashlimit.c
index 3bd2368..33ccdbf 100644 (file)
--- a/net/ipv4/netfilter/ipt_hashlimit.c
+++ b/net/ipv4/netfilter/ipt_hashlimit.c
@@ -50,11 +50,11 @@ static struct file_operations dl_file_ops;
 /* hash table crap */
 
 struct dsthash_dst {
-       u_int32_t src_ip;
-       u_int32_t dst_ip;
+       __be32 src_ip;
+       __be32 dst_ip;
        /* ports have to be consecutive !!! */
-       u_int16_t src_port;
-       u_int16_t dst_port;
+       __be16 src_port;
+       __be16 dst_port;
 };
 
 struct dsthash_ent {
@@ -106,8 +106,10 @@ static inline int dst_cmp(const struct dsthash_ent *ent, struct dsthash_dst *b)
 static inline u_int32_t
 hash_dst(const struct ipt_hashlimit_htable *ht, const struct dsthash_dst *dst)
 {
-       return (jhash_3words(dst->dst_ip, (dst->dst_port<<16 | dst->src_port), 
-                            dst->src_ip, ht->rnd) % ht->cfg.size);
+       return (jhash_3words((__force u32)dst->dst_ip,
+                           ((__force u32)dst->dst_port<<16 |
+                            (__force u32)dst->src_port),
+                            (__force u32)dst->src_ip, ht->rnd) % ht->cfg.size);
 }
 
 static inline struct dsthash_ent *
@@ -406,7 +408,7 @@ hashlimit_match(const struct sk_buff *skb,
                dst.src_ip = skb->nh.iph->saddr;
        if (hinfo->cfg.mode & IPT_HASHLIMIT_HASH_DPT
            ||hinfo->cfg.mode & IPT_HASHLIMIT_HASH_SPT) {
-               u_int16_t _ports[2], *ports;
+               __be16 _ports[2], *ports;
 
                switch (skb->nh.iph->protocol) {
                case IPPROTO_TCP:
@@ -478,7 +480,6 @@ hashlimit_checkentry(const char *tablename,
                     const void *inf,
                     const struct xt_match *match,
                     void *matchinfo,
-                    unsigned int matchsize,
                     unsigned int hook_mask)
 {
        struct ipt_hashlimit_info *r = matchinfo;
@@ -529,18 +530,46 @@ hashlimit_checkentry(const char *tablename,
 }
 
 static void
-hashlimit_destroy(const struct xt_match *match, void *matchinfo,
-                 unsigned int matchsize)
+hashlimit_destroy(const struct xt_match *match, void *matchinfo)
 {
        struct ipt_hashlimit_info *r = matchinfo;
 
        htable_put(r->hinfo);
 }
 
+#ifdef CONFIG_COMPAT
+struct compat_ipt_hashlimit_info {
+       char name[IFNAMSIZ];
+       struct hashlimit_cfg cfg;
+       compat_uptr_t hinfo;
+       compat_uptr_t master;
+};
+
+static void compat_from_user(void *dst, void *src)
+{
+       int off = offsetof(struct compat_ipt_hashlimit_info, hinfo);
+
+       memcpy(dst, src, off);
+       memset(dst + off, 0, sizeof(struct compat_ipt_hashlimit_info) - off);
+}
+
+static int compat_to_user(void __user *dst, void *src)
+{
+       int off = offsetof(struct compat_ipt_hashlimit_info, hinfo);
+
+       return copy_to_user(dst, src, off) ? -EFAULT : 0;
+}
+#endif
+
 static struct ipt_match ipt_hashlimit = {
        .name           = "hashlimit",
        .match          = hashlimit_match,
        .matchsize      = sizeof(struct ipt_hashlimit_info),
+#ifdef CONFIG_COMPAT
+       .compatsize     = sizeof(struct compat_ipt_hashlimit_info),
+       .compat_from_user = compat_from_user,
+       .compat_to_user = compat_to_user,
+#endif
        .checkentry     = hashlimit_checkentry,
        .destroy        = hashlimit_destroy,
        .me             = THIS_MODULE