tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: Use unsigned types for hooknum and pf vars
and (try to) consistently use u_int8_t for the L3 family.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
authored by
Jan Engelhardt
and committed by
Patrick McHardy
76108cea
be713a44
+127
-121
+16
-14
include/linux/netfilter.h
+16
-14
include/linux/netfilter.h
···
92
92
/* User fills in from here down. */
93
93
nf_hookfn *hook;
94
94
struct module *owner;
95
-
int pf;
96
-
int hooknum;
95
+
u_int8_t pf;
96
+
unsigned int hooknum;
97
97
/* Hooks are ordered in ascending priority. */
98
98
int priority;
99
99
};
···
102
102
{
103
103
struct list_head list;
104
104
105
-
int pf;
105
+
u_int8_t pf;
106
106
107
107
/* Non-inclusive ranges: use 0/0/NULL to never get called. */
108
108
int set_optmin;
···
140
140
141
141
extern struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS];
142
142
143
-
int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
143
+
int nf_hook_slow(u_int8_t pf, unsigned int hook, struct sk_buff *skb,
144
144
struct net_device *indev, struct net_device *outdev,
145
145
int (*okfn)(struct sk_buff *), int thresh);
146
146
···
151
151
* okfn must be invoked by the caller in this case. Any other return
152
152
* value indicates the packet has been consumed by the hook.
153
153
*/
154
-
static inline int nf_hook_thresh(int pf, unsigned int hook,
154
+
static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
155
155
struct sk_buff *skb,
156
156
struct net_device *indev,
157
157
struct net_device *outdev,
···
167
167
return nf_hook_slow(pf, hook, skb, indev, outdev, okfn, thresh);
168
168
}
169
169
170
-
static inline int nf_hook(int pf, unsigned int hook, struct sk_buff *skb,
170
+
static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb,
171
171
struct net_device *indev, struct net_device *outdev,
172
172
int (*okfn)(struct sk_buff *))
173
173
{
···
212
212
NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, INT_MIN)
213
213
214
214
/* Call setsockopt() */
215
-
int nf_setsockopt(struct sock *sk, int pf, int optval, char __user *opt,
215
+
int nf_setsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,
216
216
int len);
217
-
int nf_getsockopt(struct sock *sk, int pf, int optval, char __user *opt,
217
+
int nf_getsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,
218
218
int *len);
219
219
220
-
int compat_nf_setsockopt(struct sock *sk, int pf, int optval,
220
+
int compat_nf_setsockopt(struct sock *sk, u_int8_t pf, int optval,
221
221
char __user *opt, int len);
222
-
int compat_nf_getsockopt(struct sock *sk, int pf, int optval,
222
+
int compat_nf_getsockopt(struct sock *sk, u_int8_t pf, int optval,
223
223
char __user *opt, int *len);
224
224
225
225
/* Call this before modifying an existing packet: ensures it is
···
292
292
extern void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);
293
293
294
294
static inline void
295
-
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family)
295
+
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
296
296
{
297
297
#ifdef CONFIG_NF_NAT_NEEDED
298
298
void (*decodefn)(struct sk_buff *, struct flowi *);
···
315
315
#else /* !CONFIG_NETFILTER */
316
316
#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb)
317
317
#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb)
318
-
static inline int nf_hook_thresh(int pf, unsigned int hook,
318
+
static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
319
319
struct sk_buff *skb,
320
320
struct net_device *indev,
321
321
struct net_device *outdev,
···
324
324
{
325
325
return okfn(skb);
326
326
}
327
-
static inline int nf_hook(int pf, unsigned int hook, struct sk_buff *skb,
327
+
static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb,
328
328
struct net_device *indev, struct net_device *outdev,
329
329
int (*okfn)(struct sk_buff *))
330
330
{
···
332
332
}
333
333
struct flowi;
334
334
static inline void
335
-
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {}
335
+
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
336
+
{
337
+
}
336
338
#endif /*CONFIG_NETFILTER*/
337
339
338
340
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+14
-14
include/linux/netfilter/x_tables.h
+14
-14
include/linux/netfilter/x_tables.h
···
292
292
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
293
293
struct module *me;
294
294
295
-
int af; /* address/protocol family */
295
+
u_int8_t af; /* address/protocol family */
296
296
};
297
297
298
298
#include <linux/netfilter_ipv4.h>
···
346
346
struct xt_table_info *newinfo,
347
347
int *error);
348
348
349
-
extern struct xt_match *xt_find_match(int af, const char *name, u8 revision);
350
-
extern struct xt_target *xt_find_target(int af, const char *name, u8 revision);
351
-
extern struct xt_target *xt_request_find_target(int af, const char *name,
349
+
extern struct xt_match *xt_find_match(u8 af, const char *name, u8 revision);
350
+
extern struct xt_target *xt_find_target(u8 af, const char *name, u8 revision);
351
+
extern struct xt_target *xt_request_find_target(u8 af, const char *name,
352
352
u8 revision);
353
-
extern int xt_find_revision(int af, const char *name, u8 revision, int target,
354
-
int *err);
353
+
extern int xt_find_revision(u8 af, const char *name, u8 revision,
354
+
int target, int *err);
355
355
356
-
extern struct xt_table *xt_find_table_lock(struct net *net, int af,
356
+
extern struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
357
357
const char *name);
358
358
extern void xt_table_unlock(struct xt_table *t);
359
359
360
-
extern int xt_proto_init(struct net *net, int af);
361
-
extern void xt_proto_fini(struct net *net, int af);
360
+
extern int xt_proto_init(struct net *net, u_int8_t af);
361
+
extern void xt_proto_fini(struct net *net, u_int8_t af);
362
362
363
363
extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
364
364
extern void xt_free_table_info(struct xt_table_info *info);
···
423
423
#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
424
424
& ~(__alignof__(struct compat_xt_counters)-1))
425
425
426
-
extern void xt_compat_lock(int af);
427
-
extern void xt_compat_unlock(int af);
426
+
extern void xt_compat_lock(u_int8_t af);
427
+
extern void xt_compat_unlock(u_int8_t af);
428
428
429
-
extern int xt_compat_add_offset(int af, unsigned int offset, short delta);
430
-
extern void xt_compat_flush_offsets(int af);
431
-
extern short xt_compat_calc_jump(int af, unsigned int offset);
429
+
extern int xt_compat_add_offset(u_int8_t af, unsigned int offset, short delta);
430
+
extern void xt_compat_flush_offsets(u_int8_t af);
431
+
extern short xt_compat_calc_jump(u_int8_t af, unsigned int offset);
432
432
433
433
extern int xt_compat_match_offset(const struct xt_match *match);
434
434
extern int xt_compat_match_from_user(struct xt_entry_match *m,
+1
-1
include/net/netfilter/nf_conntrack_core.h
+1
-1
include/net/netfilter/nf_conntrack_core.h
···
20
20
/* This header is used to share core functionality between the
21
21
standalone connection tracking module, and the compatibility layer's use
22
22
of connection tracking. */
23
-
extern unsigned int nf_conntrack_in(int pf,
23
+
extern unsigned int nf_conntrack_in(u_int8_t pf,
24
24
unsigned int hooknum,
25
25
struct sk_buff *skb);
26
26
+1
-1
include/net/netfilter/nf_conntrack_expect.h
+1
-1
include/net/netfilter/nf_conntrack_expect.h
···
86
86
/* Allocate space for an expectation: this is mandatory before calling
87
87
nf_ct_expect_related. You will have to call put afterwards. */
88
88
struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);
89
-
void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, int,
89
+
void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, u_int8_t,
90
90
const union nf_inet_addr *,
91
91
const union nf_inet_addr *,
92
92
u_int8_t, const __be16 *, const __be16 *);
+2
-2
include/net/netfilter/nf_conntrack_l4proto.h
+2
-2
include/net/netfilter/nf_conntrack_l4proto.h
···
39
39
const struct sk_buff *skb,
40
40
unsigned int dataoff,
41
41
enum ip_conntrack_info ctinfo,
42
-
int pf,
42
+
u_int8_t pf,
43
43
unsigned int hooknum);
44
44
45
45
/* Called when a new connection for this protocol found;
···
52
52
53
53
int (*error)(struct sk_buff *skb, unsigned int dataoff,
54
54
enum ip_conntrack_info *ctinfo,
55
-
int pf, unsigned int hooknum);
55
+
u_int8_t pf, unsigned int hooknum);
56
56
57
57
/* Print out the per-protocol part of the tuple. Return like seq_* */
58
58
int (*print_tuple)(struct seq_file *s,
+4
-4
include/net/netfilter/nf_log.h
+4
-4
include/net/netfilter/nf_log.h
···
28
28
} u;
29
29
};
30
30
31
-
typedef void nf_logfn(unsigned int pf,
31
+
typedef void nf_logfn(u_int8_t pf,
32
32
unsigned int hooknum,
33
33
const struct sk_buff *skb,
34
34
const struct net_device *in,
···
43
43
};
44
44
45
45
/* Function to register/unregister log function. */
46
-
int nf_log_register(int pf, const struct nf_logger *logger);
46
+
int nf_log_register(u_int8_t pf, const struct nf_logger *logger);
47
47
void nf_log_unregister(const struct nf_logger *logger);
48
-
void nf_log_unregister_pf(int pf);
48
+
void nf_log_unregister_pf(u_int8_t pf);
49
49
50
50
/* Calls the registered backend logging function */
51
-
void nf_log_packet(int pf,
51
+
void nf_log_packet(u_int8_t pf,
52
52
unsigned int hooknum,
53
53
const struct sk_buff *skb,
54
54
const struct net_device *in,
+3
-3
include/net/netfilter/nf_queue.h
+3
-3
include/net/netfilter/nf_queue.h
···
8
8
unsigned int id;
9
9
10
10
struct nf_hook_ops *elem;
11
-
int pf;
11
+
u_int8_t pf;
12
12
unsigned int hook;
13
13
struct net_device *indev;
14
14
struct net_device *outdev;
···
24
24
char *name;
25
25
};
26
26
27
-
extern int nf_register_queue_handler(int pf,
27
+
extern int nf_register_queue_handler(u_int8_t pf,
28
28
const struct nf_queue_handler *qh);
29
-
extern int nf_unregister_queue_handler(int pf,
29
+
extern int nf_unregister_queue_handler(u_int8_t pf,
30
30
const struct nf_queue_handler *qh);
31
31
extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh);
32
32
extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
+2
-2
net/bridge/br_netfilter.c
+2
-2
net/bridge/br_netfilter.c
···
657
657
{
658
658
struct nf_bridge_info *nf_bridge;
659
659
struct net_device *parent;
660
-
int pf;
660
+
u_int8_t pf;
661
661
662
662
if (!skb->nf_bridge)
663
663
return NF_ACCEPT;
···
791
791
{
792
792
struct nf_bridge_info *nf_bridge = skb->nf_bridge;
793
793
struct net_device *realoutdev = bridge_parent(skb->dev);
794
-
int pf;
794
+
u_int8_t pf;
795
795
796
796
#ifdef CONFIG_NETFILTER_DEBUG
797
797
/* Be very paranoid. This probably won't happen anymore, but let's
+1
-1
net/bridge/netfilter/ebt_log.c
+1
-1
net/bridge/netfilter/ebt_log.c
···
84
84
85
85
#define myNIPQUAD(a) a[0], a[1], a[2], a[3]
86
86
static void
87
-
ebt_log_packet(unsigned int pf, unsigned int hooknum,
87
+
ebt_log_packet(u_int8_t pf, unsigned int hooknum,
88
88
const struct sk_buff *skb, const struct net_device *in,
89
89
const struct net_device *out, const struct nf_loginfo *loginfo,
90
90
const char *prefix)
+1
-1
net/bridge/netfilter/ebt_ulog.c
+1
-1
net/bridge/netfilter/ebt_ulog.c
···
223
223
}
224
224
225
225
/* this function is registered with the netfilter core */
226
-
static void ebt_log_packet(unsigned int pf, unsigned int hooknum,
226
+
static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
227
227
const struct sk_buff *skb, const struct net_device *in,
228
228
const struct net_device *out, const struct nf_loginfo *li,
229
229
const char *prefix)
+1
-1
net/ipv4/netfilter/ipt_LOG.c
+1
-1
net/ipv4/netfilter/ipt_LOG.c
+1
-1
net/ipv4/netfilter/ipt_ULOG.c
+1
-1
net/ipv4/netfilter/ipt_ULOG.c
+2
-2
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+2
-2
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
···
79
79
const struct sk_buff *skb,
80
80
unsigned int dataoff,
81
81
enum ip_conntrack_info ctinfo,
82
-
int pf,
82
+
u_int8_t pf,
83
83
unsigned int hooknum)
84
84
{
85
85
/* Try to delete connection immediately after all replies:
···
173
173
/* Small and modified version of icmp_rcv */
174
174
static int
175
175
icmp_error(struct sk_buff *skb, unsigned int dataoff,
176
-
enum ip_conntrack_info *ctinfo, int pf, unsigned int hooknum)
176
+
enum ip_conntrack_info *ctinfo, u_int8_t pf, unsigned int hooknum)
177
177
{
178
178
const struct icmphdr *icmph;
179
179
struct icmphdr _ih;
+1
-1
net/ipv6/netfilter/ip6t_LOG.c
+1
-1
net/ipv6/netfilter/ip6t_LOG.c
+2
-2
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+2
-2
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
···
81
81
const struct sk_buff *skb,
82
82
unsigned int dataoff,
83
83
enum ip_conntrack_info ctinfo,
84
-
int pf,
84
+
u_int8_t pf,
85
85
unsigned int hooknum)
86
86
{
87
87
/* Try to delete connection immediately after all replies:
···
173
173
174
174
static int
175
175
icmpv6_error(struct sk_buff *skb, unsigned int dataoff,
176
-
enum ip_conntrack_info *ctinfo, int pf, unsigned int hooknum)
176
+
enum ip_conntrack_info *ctinfo, u_int8_t pf, unsigned int hooknum)
177
177
{
178
178
const struct icmp6hdr *icmp6h;
179
179
struct icmp6hdr _ih;
+2
-2
net/netfilter/core.c
+2
-2
net/netfilter/core.c
···
113
113
114
114
unsigned int nf_iterate(struct list_head *head,
115
115
struct sk_buff *skb,
116
-
int hook,
116
+
unsigned int hook,
117
117
const struct net_device *indev,
118
118
const struct net_device *outdev,
119
119
struct list_head **i,
···
155
155
156
156
/* Returns 1 if okfn() needs to be executed by the caller,
157
157
* -EPERM for NF_DROP, 0 otherwise. */
158
-
int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
158
+
int nf_hook_slow(u_int8_t pf, unsigned int hook, struct sk_buff *skb,
159
159
struct net_device *indev,
160
160
struct net_device *outdev,
161
161
int (*okfn)(struct sk_buff *),
+3
-3
net/netfilter/nf_conntrack_core.c
+3
-3
net/netfilter/nf_conntrack_core.c
···
665
665
}
666
666
667
667
unsigned int
668
-
nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff *skb)
668
+
nf_conntrack_in(u_int8_t pf, unsigned int hooknum, struct sk_buff *skb)
669
669
{
670
670
struct nf_conn *ct;
671
671
enum ip_conntrack_info ctinfo;
···
683
683
}
684
684
685
685
/* rcu_read_lock()ed by nf_hook_slow */
686
-
l3proto = __nf_ct_l3proto_find((u_int16_t)pf);
686
+
l3proto = __nf_ct_l3proto_find(pf);
687
687
ret = l3proto->get_l4proto(skb, skb_network_offset(skb),
688
688
&dataoff, &protonum);
689
689
if (ret <= 0) {
···
693
693
return -ret;
694
694
}
695
695
696
-
l4proto = __nf_ct_l4proto_find((u_int16_t)pf, protonum);
696
+
l4proto = __nf_ct_l4proto_find(pf, protonum);
697
697
698
698
/* It may be an special packet, error, unclean...
699
699
* inverse of the return code tells to the netfilter
+1
-1
net/netfilter/nf_conntrack_expect.c
+1
-1
net/netfilter/nf_conntrack_expect.c
···
241
241
EXPORT_SYMBOL_GPL(nf_ct_expect_alloc);
242
242
243
243
void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
244
-
int family,
244
+
u_int8_t family,
245
245
const union nf_inet_addr *saddr,
246
246
const union nf_inet_addr *daddr,
247
247
u_int8_t proto, const __be16 *src, const __be16 *dst)
+2
-1
net/netfilter/nf_conntrack_h323_main.c
+2
-1
net/netfilter/nf_conntrack_h323_main.c
···
709
709
/* If the calling party is on the same side of the forward-to party,
710
710
* we don't need to track the second call */
711
711
static int callforward_do_filter(const union nf_inet_addr *src,
712
-
const union nf_inet_addr *dst, int family)
712
+
const union nf_inet_addr *dst,
713
+
u_int8_t family)
713
714
{
714
715
const struct nf_afinfo *afinfo;
715
716
struct flowi fl1, fl2;
+2
-2
net/netfilter/nf_conntrack_proto_dccp.c
+2
-2
net/netfilter/nf_conntrack_proto_dccp.c
···
461
461
462
462
static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
463
463
unsigned int dataoff, enum ip_conntrack_info ctinfo,
464
-
int pf, unsigned int hooknum)
464
+
u_int8_t pf, unsigned int hooknum)
465
465
{
466
466
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
467
467
struct dccp_hdr _dh, *dh;
···
546
546
}
547
547
548
548
static int dccp_error(struct sk_buff *skb, unsigned int dataoff,
549
-
enum ip_conntrack_info *ctinfo, int pf,
549
+
enum ip_conntrack_info *ctinfo, u_int8_t pf,
550
550
unsigned int hooknum)
551
551
{
552
552
struct dccp_hdr _dh, *dh;
+1
-1
net/netfilter/nf_conntrack_proto_generic.c
+1
-1
net/netfilter/nf_conntrack_proto_generic.c
+1
-1
net/netfilter/nf_conntrack_proto_gre.c
+1
-1
net/netfilter/nf_conntrack_proto_gre.c
+1
-1
net/netfilter/nf_conntrack_proto_sctp.c
+1
-1
net/netfilter/nf_conntrack_proto_sctp.c
+3
-3
net/netfilter/nf_conntrack_proto_tcp.c
+3
-3
net/netfilter/nf_conntrack_proto_tcp.c
···
486
486
const struct sk_buff *skb,
487
487
unsigned int dataoff,
488
488
const struct tcphdr *tcph,
489
-
int pf)
489
+
u_int8_t pf)
490
490
{
491
491
struct ip_ct_tcp_state *sender = &state->seen[dir];
492
492
struct ip_ct_tcp_state *receiver = &state->seen[!dir];
···
749
749
static int tcp_error(struct sk_buff *skb,
750
750
unsigned int dataoff,
751
751
enum ip_conntrack_info *ctinfo,
752
-
int pf,
752
+
u_int8_t pf,
753
753
unsigned int hooknum)
754
754
{
755
755
const struct tcphdr *th;
···
804
804
const struct sk_buff *skb,
805
805
unsigned int dataoff,
806
806
enum ip_conntrack_info ctinfo,
807
-
int pf,
807
+
u_int8_t pf,
808
808
unsigned int hooknum)
809
809
{
810
810
struct nf_conntrack_tuple *tuple;
+2
-2
net/netfilter/nf_conntrack_proto_udp.c
+2
-2
net/netfilter/nf_conntrack_proto_udp.c
···
66
66
const struct sk_buff *skb,
67
67
unsigned int dataoff,
68
68
enum ip_conntrack_info ctinfo,
69
-
int pf,
69
+
u_int8_t pf,
70
70
unsigned int hooknum)
71
71
{
72
72
/* If we've seen traffic both ways, this is some kind of UDP
···
91
91
92
92
static int udp_error(struct sk_buff *skb, unsigned int dataoff,
93
93
enum ip_conntrack_info *ctinfo,
94
-
int pf,
94
+
u_int8_t pf,
95
95
unsigned int hooknum)
96
96
{
97
97
unsigned int udplen = skb->len - dataoff;
+2
-2
net/netfilter/nf_conntrack_proto_udplite.c
+2
-2
net/netfilter/nf_conntrack_proto_udplite.c
···
65
65
const struct sk_buff *skb,
66
66
unsigned int dataoff,
67
67
enum ip_conntrack_info ctinfo,
68
-
int pf,
68
+
u_int8_t pf,
69
69
unsigned int hooknum)
70
70
{
71
71
/* If we've seen traffic both ways, this is some kind of UDP
···
91
91
92
92
static int udplite_error(struct sk_buff *skb, unsigned int dataoff,
93
93
enum ip_conntrack_info *ctinfo,
94
-
int pf,
94
+
u_int8_t pf,
95
95
unsigned int hooknum)
96
96
{
97
97
unsigned int udplen = skb->len - dataoff;
+2
-2
net/netfilter/nf_internals.h
+2
-2
net/netfilter/nf_internals.h
···
15
15
/* core.c */
16
16
extern unsigned int nf_iterate(struct list_head *head,
17
17
struct sk_buff *skb,
18
-
int hook,
18
+
unsigned int hook,
19
19
const struct net_device *indev,
20
20
const struct net_device *outdev,
21
21
struct list_head **i,
···
25
25
/* nf_queue.c */
26
26
extern int nf_queue(struct sk_buff *skb,
27
27
struct list_head *elem,
28
-
int pf, unsigned int hook,
28
+
u_int8_t pf, unsigned int hook,
29
29
struct net_device *indev,
30
30
struct net_device *outdev,
31
31
int (*okfn)(struct sk_buff *),
+3
-3
net/netfilter/nf_log.c
+3
-3
net/netfilter/nf_log.c
···
20
20
21
21
/* return EBUSY if somebody else is registered, EEXIST if the same logger
22
22
* is registred, 0 on success. */
23
-
int nf_log_register(int pf, const struct nf_logger *logger)
23
+
int nf_log_register(u_int8_t pf, const struct nf_logger *logger)
24
24
{
25
25
int ret;
26
26
···
45
45
}
46
46
EXPORT_SYMBOL(nf_log_register);
47
47
48
-
void nf_log_unregister_pf(int pf)
48
+
void nf_log_unregister_pf(u_int8_t pf)
49
49
{
50
50
if (pf >= NPROTO)
51
51
return;
···
73
73
}
74
74
EXPORT_SYMBOL(nf_log_unregister);
75
75
76
-
void nf_log_packet(int pf,
76
+
void nf_log_packet(u_int8_t pf,
77
77
unsigned int hooknum,
78
78
const struct sk_buff *skb,
79
79
const struct net_device *in,
+5
-5
net/netfilter/nf_queue.c
+5
-5
net/netfilter/nf_queue.c
···
22
22
23
23
/* return EBUSY when somebody else is registered, return EEXIST if the
24
24
* same handler is registered, return 0 in case of success. */
25
-
int nf_register_queue_handler(int pf, const struct nf_queue_handler *qh)
25
+
int nf_register_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh)
26
26
{
27
27
int ret;
28
28
···
45
45
EXPORT_SYMBOL(nf_register_queue_handler);
46
46
47
47
/* The caller must flush their queue before this */
48
-
int nf_unregister_queue_handler(int pf, const struct nf_queue_handler *qh)
48
+
int nf_unregister_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh)
49
49
{
50
50
if (pf >= NPROTO)
51
51
return -EINVAL;
···
67
67
68
68
void nf_unregister_queue_handlers(const struct nf_queue_handler *qh)
69
69
{
70
-
int pf;
70
+
u_int8_t pf;
71
71
72
72
mutex_lock(&queue_handler_mutex);
73
73
for (pf = 0; pf < NPROTO; pf++) {
···
107
107
*/
108
108
static int __nf_queue(struct sk_buff *skb,
109
109
struct list_head *elem,
110
-
int pf, unsigned int hook,
110
+
u_int8_t pf, unsigned int hook,
111
111
struct net_device *indev,
112
112
struct net_device *outdev,
113
113
int (*okfn)(struct sk_buff *),
···
191
191
192
192
int nf_queue(struct sk_buff *skb,
193
193
struct list_head *elem,
194
-
int pf, unsigned int hook,
194
+
u_int8_t pf, unsigned int hook,
195
195
struct net_device *indev,
196
196
struct net_device *outdev,
197
197
int (*okfn)(struct sk_buff *),
+8
-7
net/netfilter/nf_sockopt.c
+8
-7
net/netfilter/nf_sockopt.c
···
60
60
}
61
61
EXPORT_SYMBOL(nf_unregister_sockopt);
62
62
63
-
static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, int pf,
63
+
static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, u_int8_t pf,
64
64
int val, int get)
65
65
{
66
66
struct nf_sockopt_ops *ops;
···
96
96
}
97
97
98
98
/* Call get/setsockopt() */
99
-
static int nf_sockopt(struct sock *sk, int pf, int val,
99
+
static int nf_sockopt(struct sock *sk, u_int8_t pf, int val,
100
100
char __user *opt, int *len, int get)
101
101
{
102
102
struct nf_sockopt_ops *ops;
···
115
115
return ret;
116
116
}
117
117
118
-
int nf_setsockopt(struct sock *sk, int pf, int val, char __user *opt,
118
+
int nf_setsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
119
119
int len)
120
120
{
121
121
return nf_sockopt(sk, pf, val, opt, &len, 0);
122
122
}
123
123
EXPORT_SYMBOL(nf_setsockopt);
124
124
125
-
int nf_getsockopt(struct sock *sk, int pf, int val, char __user *opt, int *len)
125
+
int nf_getsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
126
+
int *len)
126
127
{
127
128
return nf_sockopt(sk, pf, val, opt, len, 1);
128
129
}
129
130
EXPORT_SYMBOL(nf_getsockopt);
130
131
131
132
#ifdef CONFIG_COMPAT
132
-
static int compat_nf_sockopt(struct sock *sk, int pf, int val,
133
+
static int compat_nf_sockopt(struct sock *sk, u_int8_t pf, int val,
133
134
char __user *opt, int *len, int get)
134
135
{
135
136
struct nf_sockopt_ops *ops;
···
156
155
return ret;
157
156
}
158
157
159
-
int compat_nf_setsockopt(struct sock *sk, int pf,
158
+
int compat_nf_setsockopt(struct sock *sk, u_int8_t pf,
160
159
int val, char __user *opt, int len)
161
160
{
162
161
return compat_nf_sockopt(sk, pf, val, opt, &len, 0);
163
162
}
164
163
EXPORT_SYMBOL(compat_nf_setsockopt);
165
164
166
-
int compat_nf_getsockopt(struct sock *sk, int pf,
165
+
int compat_nf_getsockopt(struct sock *sk, u_int8_t pf,
167
166
int val, char __user *opt, int *len)
168
167
{
169
168
return compat_nf_sockopt(sk, pf, val, opt, len, 1);
+2
-2
net/netfilter/nfnetlink_log.c
+2
-2
net/netfilter/nfnetlink_log.c
···
359
359
__build_packet_message(struct nfulnl_instance *inst,
360
360
const struct sk_buff *skb,
361
361
unsigned int data_len,
362
-
unsigned int pf,
362
+
u_int8_t pf,
363
363
unsigned int hooknum,
364
364
const struct net_device *indev,
365
365
const struct net_device *outdev,
···
534
534
535
535
/* log handler for internal netfilter logging api */
536
536
static void
537
-
nfulnl_log_packet(unsigned int pf,
537
+
nfulnl_log_packet(u_int8_t pf,
538
538
unsigned int hooknum,
539
539
const struct sk_buff *skb,
540
540
const struct net_device *in,
+25
-22
net/netfilter/x_tables.c
+25
-22
net/netfilter/x_tables.c
···
68
68
int
69
69
xt_register_target(struct xt_target *target)
70
70
{
71
-
int ret, af = target->family;
71
+
u_int8_t af = target->family;
72
+
int ret;
72
73
73
74
ret = mutex_lock_interruptible(&xt[af].mutex);
74
75
if (ret != 0)
···
83
82
void
84
83
xt_unregister_target(struct xt_target *target)
85
84
{
86
-
int af = target->family;
85
+
u_int8_t af = target->family;
87
86
88
87
mutex_lock(&xt[af].mutex);
89
88
list_del(&target->list);
···
124
123
int
125
124
xt_register_match(struct xt_match *match)
126
125
{
127
-
int ret, af = match->family;
126
+
u_int8_t af = match->family;
127
+
int ret;
128
128
129
129
ret = mutex_lock_interruptible(&xt[af].mutex);
130
130
if (ret != 0)
···
141
139
void
142
140
xt_unregister_match(struct xt_match *match)
143
141
{
144
-
int af = match->family;
142
+
u_int8_t af = match->family;
145
143
146
144
mutex_lock(&xt[af].mutex);
147
145
list_del(&match->list);
···
187
185
*/
188
186
189
187
/* Find match, grabs ref. Returns ERR_PTR() on error. */
190
-
struct xt_match *xt_find_match(int af, const char *name, u8 revision)
188
+
struct xt_match *xt_find_match(u8 af, const char *name, u8 revision)
191
189
{
192
190
struct xt_match *m;
193
191
int err = 0;
···
212
210
EXPORT_SYMBOL(xt_find_match);
213
211
214
212
/* Find target, grabs ref. Returns ERR_PTR() on error. */
215
-
struct xt_target *xt_find_target(int af, const char *name, u8 revision)
213
+
struct xt_target *xt_find_target(u8 af, const char *name, u8 revision)
216
214
{
217
215
struct xt_target *t;
218
216
int err = 0;
···
236
234
}
237
235
EXPORT_SYMBOL(xt_find_target);
238
236
239
-
struct xt_target *xt_request_find_target(int af, const char *name, u8 revision)
237
+
struct xt_target *xt_request_find_target(u8 af, const char *name, u8 revision)
240
238
{
241
239
struct xt_target *target;
242
240
···
248
246
}
249
247
EXPORT_SYMBOL_GPL(xt_request_find_target);
250
248
251
-
static int match_revfn(int af, const char *name, u8 revision, int *bestp)
249
+
static int match_revfn(u8 af, const char *name, u8 revision, int *bestp)
252
250
{
253
251
const struct xt_match *m;
254
252
int have_rev = 0;
···
264
262
return have_rev;
265
263
}
266
264
267
-
static int target_revfn(int af, const char *name, u8 revision, int *bestp)
265
+
static int target_revfn(u8 af, const char *name, u8 revision, int *bestp)
268
266
{
269
267
const struct xt_target *t;
270
268
int have_rev = 0;
···
281
279
}
282
280
283
281
/* Returns true or false (if no such extension at all) */
284
-
int xt_find_revision(int af, const char *name, u8 revision, int target,
282
+
int xt_find_revision(u8 af, const char *name, u8 revision, int target,
285
283
int *err)
286
284
{
287
285
int have_rev, best = -1;
···
339
337
EXPORT_SYMBOL_GPL(xt_check_match);
340
338
341
339
#ifdef CONFIG_COMPAT
342
-
int xt_compat_add_offset(int af, unsigned int offset, short delta)
340
+
int xt_compat_add_offset(u_int8_t af, unsigned int offset, short delta)
343
341
{
344
342
struct compat_delta *tmp;
345
343
···
361
359
}
362
360
EXPORT_SYMBOL_GPL(xt_compat_add_offset);
363
361
364
-
void xt_compat_flush_offsets(int af)
362
+
void xt_compat_flush_offsets(u_int8_t af)
365
363
{
366
364
struct compat_delta *tmp, *next;
367
365
···
375
373
}
376
374
EXPORT_SYMBOL_GPL(xt_compat_flush_offsets);
377
375
378
-
short xt_compat_calc_jump(int af, unsigned int offset)
376
+
short xt_compat_calc_jump(u_int8_t af, unsigned int offset)
379
377
{
380
378
struct compat_delta *tmp;
381
379
short delta;
···
592
590
EXPORT_SYMBOL(xt_free_table_info);
593
591
594
592
/* Find table by name, grabs mutex & ref. Returns ERR_PTR() on error. */
595
-
struct xt_table *xt_find_table_lock(struct net *net, int af, const char *name)
593
+
struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
594
+
const char *name)
596
595
{
597
596
struct xt_table *t;
598
597
···
615
612
EXPORT_SYMBOL_GPL(xt_table_unlock);
616
613
617
614
#ifdef CONFIG_COMPAT
618
-
void xt_compat_lock(int af)
615
+
void xt_compat_lock(u_int8_t af)
619
616
{
620
617
mutex_lock(&xt[af].compat_mutex);
621
618
}
622
619
EXPORT_SYMBOL_GPL(xt_compat_lock);
623
620
624
-
void xt_compat_unlock(int af)
621
+
void xt_compat_unlock(u_int8_t af)
625
622
{
626
623
mutex_unlock(&xt[af].compat_mutex);
627
624
}
···
725
722
#ifdef CONFIG_PROC_FS
726
723
struct xt_names_priv {
727
724
struct seq_net_private p;
728
-
int af;
725
+
u_int8_t af;
729
726
};
730
727
static void *xt_table_seq_start(struct seq_file *seq, loff_t *pos)
731
728
{
732
729
struct xt_names_priv *priv = seq->private;
733
730
struct net *net = seq_file_net(seq);
734
-
int af = priv->af;
731
+
u_int8_t af = priv->af;
735
732
736
733
mutex_lock(&xt[af].mutex);
737
734
return seq_list_start(&net->xt.tables[af], *pos);
···
741
738
{
742
739
struct xt_names_priv *priv = seq->private;
743
740
struct net *net = seq_file_net(seq);
744
-
int af = priv->af;
741
+
u_int8_t af = priv->af;
745
742
746
743
return seq_list_next(v, &net->xt.tables[af], pos);
747
744
}
···
749
746
static void xt_table_seq_stop(struct seq_file *seq, void *v)
750
747
{
751
748
struct xt_names_priv *priv = seq->private;
752
-
int af = priv->af;
749
+
u_int8_t af = priv->af;
753
750
754
751
mutex_unlock(&xt[af].mutex);
755
752
}
···
925
922
926
923
#endif /* CONFIG_PROC_FS */
927
924
928
-
int xt_proto_init(struct net *net, int af)
925
+
int xt_proto_init(struct net *net, u_int8_t af)
929
926
{
930
927
#ifdef CONFIG_PROC_FS
931
928
char buf[XT_FUNCTION_MAXNAMELEN];
···
977
974
}
978
975
EXPORT_SYMBOL_GPL(xt_proto_init);
979
976
980
-
void xt_proto_fini(struct net *net, int af)
977
+
void xt_proto_fini(struct net *net, u_int8_t af)
981
978
{
982
979
#ifdef CONFIG_PROC_FS
983
980
char buf[XT_FUNCTION_MAXNAMELEN];
+1
-1
net/netfilter/xt_connlimit.c
+1
-1
net/netfilter/xt_connlimit.c
···
82
82
static inline unsigned int
83
83
same_source_net(const union nf_inet_addr *addr,
84
84
const union nf_inet_addr *mask,
85
-
const union nf_inet_addr *u3, unsigned int family)
85
+
const union nf_inet_addr *u3, u_int8_t family)
86
86
{
87
87
if (family == AF_INET) {
88
88
return (addr->ip & mask->ip) == (u3->ip & mask->ip);
+4
-4
net/netfilter/xt_conntrack.c
+4
-4
net/netfilter/xt_conntrack.c
···
133
133
static inline bool
134
134
conntrack_mt_origsrc(const struct nf_conn *ct,
135
135
const struct xt_conntrack_mtinfo1 *info,
136
-
unsigned int family)
136
+
u_int8_t family)
137
137
{
138
138
return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3,
139
139
&info->origsrc_addr, &info->origsrc_mask, family);
···
142
142
static inline bool
143
143
conntrack_mt_origdst(const struct nf_conn *ct,
144
144
const struct xt_conntrack_mtinfo1 *info,
145
-
unsigned int family)
145
+
u_int8_t family)
146
146
{
147
147
return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3,
148
148
&info->origdst_addr, &info->origdst_mask, family);
···
151
151
static inline bool
152
152
conntrack_mt_replsrc(const struct nf_conn *ct,
153
153
const struct xt_conntrack_mtinfo1 *info,
154
-
unsigned int family)
154
+
u_int8_t family)
155
155
{
156
156
return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3,
157
157
&info->replsrc_addr, &info->replsrc_mask, family);
···
160
160
static inline bool
161
161
conntrack_mt_repldst(const struct nf_conn *ct,
162
162
const struct xt_conntrack_mtinfo1 *info,
163
-
unsigned int family)
163
+
u_int8_t family)
164
164
{
165
165
return conntrack_addrcmp(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3,
166
166
&info->repldst_addr, &info->repldst_mask, family);
+5
-6
net/netfilter/xt_hashlimit.c
+5
-6
net/netfilter/xt_hashlimit.c
···
80
80
struct xt_hashlimit_htable {
81
81
struct hlist_node node; /* global list of all htables */
82
82
atomic_t use;
83
-
int family;
83
+
u_int8_t family;
84
84
85
85
struct hashlimit_cfg1 cfg; /* config */
86
86
···
185
185
}
186
186
static void htable_gc(unsigned long htlong);
187
187
188
-
static int htable_create_v0(struct xt_hashlimit_info *minfo, int family)
188
+
static int htable_create_v0(struct xt_hashlimit_info *minfo, u_int8_t family)
189
189
{
190
190
struct xt_hashlimit_htable *hinfo;
191
191
unsigned int size;
···
258
258
return 0;
259
259
}
260
260
261
-
static int htable_create(struct xt_hashlimit_mtinfo1 *minfo,
262
-
unsigned int family)
261
+
static int htable_create(struct xt_hashlimit_mtinfo1 *minfo, u_int8_t family)
263
262
{
264
263
struct xt_hashlimit_htable *hinfo;
265
264
unsigned int size;
···
377
378
}
378
379
379
380
static struct xt_hashlimit_htable *htable_find_get(const char *name,
380
-
int family)
381
+
u_int8_t family)
381
382
{
382
383
struct xt_hashlimit_htable *hinfo;
383
384
struct hlist_node *pos;
···
900
901
spin_unlock_bh(&htable->lock);
901
902
}
902
903
903
-
static int dl_seq_real_show(struct dsthash_ent *ent, int family,
904
+
static int dl_seq_real_show(struct dsthash_ent *ent, u_int8_t family,
904
905
struct seq_file *s)
905
906
{
906
907
/* recalculate to show accurate numbers */