The payload parameters to nfq_set_verdict(), nfq_set_verdict2(), and nfq_set_verdict_mark() are not modified by those functions, and therefore should have datatype pointer-to-const. This both causes the source-code to more effectively represent what is the purpose of the parameter, and eliminates the need to cast away const-ness when calling the functions with compilers that enforce strict casting. All existing calling code should not need modification as pointer-to-X automatically converts to pointer-to-const-X. Signed-off-by: David Favro <netfilter@xxxxxxxxxxxxxxxx> --- include/libnetfilter_queue/libnetfilter_queue.h | 6 +++--- src/libnetfilter_queue.c | 11 ++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h index 88a9b8c..2e2ca8b 100644 --- a/include/libnetfilter_queue/libnetfilter_queue.h +++ b/include/libnetfilter_queue/libnetfilter_queue.h @@ -60,14 +60,14 @@ extern int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t data_len, - unsigned char *buf); + const unsigned char *buf); extern int nfq_set_verdict2(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, u_int32_t datalen, - unsigned char *buf); + const unsigned char *buf); extern __attribute__((deprecated)) int nfq_set_verdict_mark(struct nfq_q_handle *qh, @@ -75,7 +75,7 @@ int nfq_set_verdict_mark(struct nfq_q_handle *qh, u_int32_t verdict, u_int32_t mark, u_int32_t datalen, - unsigned char *buf); + const unsigned char *buf); /* message parsing function */ diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index cc19e6a..4cc4925 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -610,7 +610,7 @@ int nfq_set_queue_maxlen(struct nfq_q_handle *qh, static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, int set_mark, - u_int32_t data_len, unsigned char *data) + u_int32_t data_len, const unsigned char *data) { struct nfqnl_msg_verdict_hdr vh; union { @@ -646,8 +646,9 @@ static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id, nvecs = 1; if (data_len) { + /* The typecast here is to cast away data's const-ness: */ nfnl_build_nfa_iovec(&iov[1], &data_attr, NFQA_PAYLOAD, - data_len, data); + data_len, (unsigned char *) data); nvecs += 2; /* Add the length of the appended data to the message * header. The size of the attribute is given in the @@ -688,7 +689,7 @@ static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id, */ int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t data_len, - unsigned char *buf) + const unsigned char *buf) { return __set_verdict(qh, id, verdict, 0, 0, data_len, buf); } @@ -704,7 +705,7 @@ int nfq_set_verdict(struct nfq_q_handle *qh, u_int32_t id, */ int nfq_set_verdict2(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, - u_int32_t data_len, unsigned char *buf) + u_int32_t data_len, const unsigned char *buf) { return __set_verdict(qh, id, verdict, htonl(mark), 1, data_len, buf); } @@ -725,7 +726,7 @@ int nfq_set_verdict2(struct nfq_q_handle *qh, u_int32_t id, */ int nfq_set_verdict_mark(struct nfq_q_handle *qh, u_int32_t id, u_int32_t verdict, u_int32_t mark, - u_int32_t data_len, unsigned char *buf) + u_int32_t data_len, const unsigned char *buf) { return __set_verdict(qh, id, verdict, mark, 1, data_len, buf); } -- 1.7.0.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html