netfilter: xtables: add const qualifiers

	return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;

}

static inline int ebt_dev_check(char *entry, const struct net_device *device)

static inline int

ebt_dev_check(const char *entry, const struct net_device *device)

{

	int i = 0;

	const char *devname;

#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg))

/* process standard matches */

static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,

static inline int

ebt_basic_match(const struct ebt_entry *e, const struct ethhdr *h,

                const struct net_device *in, const struct net_device *out)

{

	int verdict, i;

	int i, nentries;

	struct ebt_entry *point;

	struct ebt_counter *counter_base, *cb_base;

	struct ebt_entry_target *t;

	const struct ebt_entry_target *t;

	int verdict, sp = 0;

	struct ebt_chainstack *cs;

	struct ebt_entries *chaininfo;

	char *base;

	struct ebt_table_info *private;

	const char *base;

	const struct ebt_table_info *private;

	bool hotdrop = false;

	struct xt_match_param mtpar;

	struct xt_target_param tgpar;

	return 0;

}

static int ebt_verify_pointers(struct ebt_replace *repl,

static int ebt_verify_pointers(const struct ebt_replace *repl,

			       struct ebt_table_info *newinfo)

{

	unsigned int limit = repl->entries_size;

 * to parse the userspace data

 */

static inline int

ebt_check_entry_size_and_hooks(struct ebt_entry *e,

   struct ebt_table_info *newinfo,

ebt_check_entry_size_and_hooks(const struct ebt_entry *e,

   const struct ebt_table_info *newinfo,

   unsigned int *n, unsigned int *cnt,

   unsigned int *totalcnt, unsigned int *udc_cnt)

{

}

static inline int

ebt_check_entry(struct ebt_entry *e,

   struct net *net,

   struct ebt_table_info *newinfo,

ebt_check_entry(struct ebt_entry *e, struct net *net,

   const struct ebt_table_info *newinfo,

   const char *name, unsigned int *cnt,

   struct ebt_cl_stack *cl_s, unsigned int udc_cnt)

{

 * the hook mask for udc tells us from which base chains the udc can be

 * accessed. This mask is a parameter to the check() functions of the extensions

 */

static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s,

static int check_chainloops(const struct ebt_entries *chain, struct ebt_cl_stack *cl_s,

   unsigned int udc_cnt, unsigned int hooknr, char *base)

{

	int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict;

	struct ebt_entry *e = (struct ebt_entry *)chain->data;

	struct ebt_entry_target *t;

	const struct ebt_entry *e = (struct ebt_entry *)chain->data;

	const struct ebt_entry_target *t;

	while (pos < nentries || chain_nr != -1) {

		/* end of udc, go back one 'recursion' step */

}

/* do the parsing of the table/chains/entries/matches/watchers/targets, heh */

static int translate_table(struct net *net, char *name,

static int translate_table(struct net *net, const char *name,

			   struct ebt_table_info *newinfo)

{

	unsigned int i, j, k, udc_cnt;

}

/* called under write_lock */

static void get_counters(struct ebt_counter *oldcounters,

static void get_counters(const struct ebt_counter *oldcounters,

   struct ebt_counter *counters, unsigned int nentries)

{

	int i, cpu;

}

/* replace the table */

static int do_replace(struct net *net, void __user *user, unsigned int len)

static int do_replace(struct net *net, const void __user *user,

		      unsigned int len)

{

	int ret, i, countersize;

	struct ebt_table_info *newinfo;

}

/* userspace just supplied us with counters */

static int update_counters(struct net *net, void __user *user, unsigned int len)

static int update_counters(struct net *net, const void __user *user,

			   unsigned int len)

{

	int i, ret;

	struct ebt_counter *tmp;

	return ret;

}

static inline int ebt_make_matchname(struct ebt_entry_match *m,

   char *base, char __user *ubase)

static inline int ebt_make_matchname(const struct ebt_entry_match *m,

    const char *base, char __user *ubase)

{

	char __user *hlp = ubase + ((char *)m - base);

	if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN))

	return 0;

}

static inline int ebt_make_watchername(struct ebt_entry_watcher *w,

   char *base, char __user *ubase)

static inline int ebt_make_watchername(const struct ebt_entry_watcher *w,

    const char *base, char __user *ubase)

{

	char __user *hlp = ubase + ((char *)w - base);

	if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN))

	return 0;

}

static inline int ebt_make_names(struct ebt_entry *e, char *base, char __user *ubase)

static inline int

ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)

{

	int ret;

	char __user *hlp;

	struct ebt_entry_target *t;

	const struct ebt_entry_target *t;

	if (e->bitmask == 0)

		return 0;

/* called with ebt_mutex locked */

static int copy_everything_to_user(struct ebt_table *t, void __user *user,

   int *len, int cmd)

    const int *len, int cmd)

{

	struct ebt_replace tmp;

	struct ebt_counter *counterstmp, *oldcounters;

	struct ebt_counter *counterstmp;

	const struct ebt_counter *oldcounters;

	unsigned int entries_size, nentries;

	char *entries;

	return NF_DROP;

}

static inline struct arpt_entry *get_entry(void *base, unsigned int offset)

static inline const struct arpt_entry_target *

arpt_get_target_c(const struct arpt_entry *e)

{

	return arpt_get_target((struct arpt_entry *)e);

}

static inline struct arpt_entry *

get_entry(const void *base, unsigned int offset)

{

	return (struct arpt_entry *)(base + offset);

}

	arp = arp_hdr(skb);

	do {

		struct arpt_entry_target *t;

		const struct arpt_entry_target *t;

		int hdr_len;

		if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {

			(2 * skb->dev->addr_len);

		ADD_COUNTER(e->counters, hdr_len, 1);

		t = arpt_get_target(e);

		t = arpt_get_target_c(e);

		/* Standard target? */

		if (!t->u.kernel.target->target) {

/* Figures out from what hook each rule can be called: returns 0 if

 * there are loops.  Puts hook bitmask in comefrom.

 */

static int mark_source_chains(struct xt_table_info *newinfo,

static int mark_source_chains(const struct xt_table_info *newinfo,

			      unsigned int valid_hooks, void *entry0)

{

	unsigned int hook;

		for (;;) {

			const struct arpt_standard_target *t

				= (void *)arpt_get_target(e);

				= (void *)arpt_get_target_c(e);

			int visited = e->comefrom & (1 << hook);

			if (e->comefrom & (1 << NF_ARP_NUMHOOKS)) {

	return 1;

}

static inline int check_entry(struct arpt_entry *e, const char *name)

static inline int check_entry(const struct arpt_entry *e, const char *name)

{

	const struct arpt_entry_target *t;

	if (e->target_offset + sizeof(struct arpt_entry_target) > e->next_offset)

		return -EINVAL;

	t = arpt_get_target(e);

	t = arpt_get_target_c(e);

	if (e->target_offset + t->u.target_size > e->next_offset)

		return -EINVAL;

	return ret;

}

static bool check_underflow(struct arpt_entry *e)

static bool check_underflow(const struct arpt_entry *e)

{

	const struct arpt_entry_target *t;

	unsigned int verdict;

	if (!unconditional(&e->arp))

		return false;

	t = arpt_get_target(e);

	t = arpt_get_target_c(e);

	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)

		return false;

	verdict = ((struct arpt_standard_target *)t)->verdict;

static inline int check_entry_size_and_hooks(struct arpt_entry *e,

					     struct xt_table_info *newinfo,

					     unsigned char *base,

					     unsigned char *limit,

					     const unsigned char *base,

					     const unsigned char *limit,

					     const unsigned int *hook_entries,

					     const unsigned int *underflows,

					     unsigned int valid_hooks,

	local_bh_enable();

}

static struct xt_counters *alloc_counters(struct xt_table *table)

static struct xt_counters *alloc_counters(const struct xt_table *table)

{

	unsigned int countersize;

	struct xt_counters *counters;

	struct xt_table_info *private = table->private;

	const struct xt_table_info *private = table->private;

	/* We need atomic snapshot of counters: rest doesn't change

	 * (other than comefrom, which userspace doesn't care

}

static int copy_entries_to_user(unsigned int total_size,

				struct xt_table *table,

				const struct xt_table *table,

				void __user *userptr)

{

	unsigned int off, num;

	struct arpt_entry *e;

	const struct arpt_entry *e;

	struct xt_counters *counters;

	struct xt_table_info *private = table->private;

	int ret = 0;

	/* FIXME: use iterator macros --RR */

	/* ... then go back and fix counters and names */

	for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){

		struct arpt_entry_target *t;

		const struct arpt_entry_target *t;

		e = (struct arpt_entry *)(loc_cpu_entry + off);

		if (copy_to_user(userptr + off

			goto free_counters;

		}

		t = arpt_get_target(e);

		t = arpt_get_target_c(e);

		if (copy_to_user(userptr + off + e->target_offset

				 + offsetof(struct arpt_entry_target,

					    u.user.name),

	return copy_to_user(dst, &cv, sizeof(cv)) ? -EFAULT : 0;

}

static int compat_calc_entry(struct arpt_entry *e,

static int compat_calc_entry(const struct arpt_entry *e,

			     const struct xt_table_info *info,

			     void *base, struct xt_table_info *newinfo)

			     const void *base, struct xt_table_info *newinfo)

{

	struct arpt_entry_target *t;

	const struct arpt_entry_target *t;

	unsigned int entry_offset;

	int off, i, ret;

	off = sizeof(struct arpt_entry) - sizeof(struct compat_arpt_entry);

	entry_offset = (void *)e - base;

	t = arpt_get_target(e);

	t = arpt_get_target_c(e);

	off += xt_compat_target_offset(t->u.kernel.target);

	newinfo->size -= off;

	ret = xt_compat_add_offset(NFPROTO_ARP, entry_offset, off);

}

#endif

static int get_info(struct net *net, void __user *user, int *len, int compat)

static int get_info(struct net *net, void __user *user,

                    const int *len, int compat)

{

	char name[ARPT_TABLE_MAXNAMELEN];

	struct xt_table *t;

}

static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,

		       int *len)

		       const int *len)

{

	int ret;

	struct arpt_get_entries get;

	return ret;

}

static int do_replace(struct net *net, void __user *user, unsigned int len)

static int do_replace(struct net *net, const void __user *user,

                      unsigned int len)

{

	int ret;

	struct arpt_replace tmp;

	return 0;

}

static int do_add_counters(struct net *net, void __user *user, unsigned int len,

			   int compat)

static int do_add_counters(struct net *net, const void __user *user,

			   unsigned int len, int compat)

{

	unsigned int i, curcpu;

	struct xt_counters_info tmp;

check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,

				  struct xt_table_info *newinfo,

				  unsigned int *size,

				  unsigned char *base,

				  unsigned char *limit,

				  unsigned int *hook_entries,

				  unsigned int *underflows,

				  const unsigned char *base,

				  const unsigned char *limit,

				  const unsigned int *hook_entries,

				  const unsigned int *underflows,

				  unsigned int *i,

				  const char *name)

{

/* Performance critical - called for every packet */

static inline bool

do_match(struct ipt_entry_match *m, const struct sk_buff *skb,

do_match(const struct ipt_entry_match *m, const struct sk_buff *skb,

	 struct xt_match_param *par)

{

	par->match     = m->u.kernel.match;

/* Performance critical */

static inline struct ipt_entry *

get_entry(void *base, unsigned int offset)

get_entry(const void *base, unsigned int offset)

{

	return (struct ipt_entry *)(base + offset);

}

#undef FWINV

}

/* for const-correctness */

static inline const struct ipt_entry_target *

ipt_get_target_c(const struct ipt_entry *e)

{

	return ipt_get_target((struct ipt_entry *)e);

}

#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \

    defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)

static const char *const hooknames[] = {

/* Mildly perf critical (only if packet tracing is on) */

static inline int

get_chainname_rulenum(struct ipt_entry *s, struct ipt_entry *e,

get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,

		      const char *hookname, const char **chainname,

		      const char **comment, unsigned int *rulenum)

{

	struct ipt_standard_target *t = (void *)ipt_get_target(s);

	const struct ipt_standard_target *t = (void *)ipt_get_target_c(s);

	if (strcmp(t->target.u.kernel.target->name, IPT_ERROR_TARGET) == 0) {

		/* Head of user chain: ERROR target with chainname */

	return 0;

}

static void trace_packet(struct sk_buff *skb,

static void trace_packet(const struct sk_buff *skb,

			 unsigned int hook,

			 const struct net_device *in,

			 const struct net_device *out,

			 const char *tablename,

			 struct xt_table_info *private,

			 struct ipt_entry *e)

			 const struct xt_table_info *private,

			 const struct ipt_entry *e)

{

	void *table_base;

	const void *table_base;

	const struct ipt_entry *root;

	const char *hookname, *chainname, *comment;

	unsigned int rulenum = 0;

	/* Initializing verdict to NF_DROP keeps gcc happy. */

	unsigned int verdict = NF_DROP;

	const char *indev, *outdev;

	void *table_base;

	const void *table_base;

	struct ipt_entry *e, *back;

	struct xt_table_info *private;

	const struct xt_table_info *private;

	struct xt_match_param mtpar;

	struct xt_target_param tgpar;

	back = get_entry(table_base, private->underflow[hook]);

	do {

		struct ipt_entry_target *t;

		const struct ipt_entry_target *t;

		IP_NF_ASSERT(e);

		IP_NF_ASSERT(back);

/* Figures out from what hook each rule can be called: returns 0 if

   there are loops.  Puts hook bitmask in comefrom. */

static int

mark_source_chains(struct xt_table_info *newinfo,

mark_source_chains(const struct xt_table_info *newinfo,

		   unsigned int valid_hooks, void *entry0)

{

	unsigned int hook;

		e->counters.pcnt = pos;

		for (;;) {

			struct ipt_standard_target *t

				= (void *)ipt_get_target(e);

			const struct ipt_standard_target *t

				= (void *)ipt_get_target_c(e);

			int visited = e->comefrom & (1 << hook);

			if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {

}

static int

check_entry(struct ipt_entry *e, const char *name)

check_entry(const struct ipt_entry *e, const char *name)

{

	struct ipt_entry_target *t;

	const struct ipt_entry_target *t;

	if (!ip_checkentry(&e->ip)) {

		duprintf("ip_tables: ip check failed %p %s.\n", e, name);

	    e->next_offset)

		return -EINVAL;

	t = ipt_get_target(e);

	t = ipt_get_target_c(e);

	if (e->target_offset + t->u.target_size > e->next_offset)

		return -EINVAL;

	return ret;

}

static bool check_underflow(struct ipt_entry *e)

static bool check_underflow(const struct ipt_entry *e)

{

	const struct ipt_entry_target *t;

	unsigned int verdict;

	if (!unconditional(&e->ip))

		return false;

	t = ipt_get_target(e);

	t = ipt_get_target_c(e);

	if (strcmp(t->u.user.name, XT_STANDARD_TARGET) != 0)

		return false;

	verdict = ((struct ipt_standard_target *)t)->verdict;

static int

check_entry_size_and_hooks(struct ipt_entry *e,

			   struct xt_table_info *newinfo,

			   unsigned char *base,

			   unsigned char *limit,

			   const unsigned char *base,

			   const unsigned char *limit,

			   const unsigned int *hook_entries,

			   const unsigned int *underflows,

			   unsigned int valid_hooks,

	local_bh_enable();

}

static struct xt_counters * alloc_counters(struct xt_table *table)

static struct xt_counters *alloc_counters(const struct xt_table *table)

{

	unsigned int countersize;

	struct xt_counters *counters;

	struct xt_table_info *private = table->private;

	const struct xt_table_info *private = table->private;

	/* We need atomic snapshot of counters: rest doesn't change

	   (other than comefrom, which userspace doesn't care

static int

copy_entries_to_user(unsigned int total_size,

		     struct xt_table *table,

		     const struct xt_table *table,

		     void __user *userptr)