netfilter endian regressions

no real bugs, just misannotations cropping up

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 90ae8b4..37e933c 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -5,8 +5,8 @@
 
 struct xt_connlimit_info {
 	union {
-		u_int32_t v4_mask;
-		u_int32_t v6_mask[4];
+		__be32 v4_mask;
+		__be32 v6_mask[4];
 	};
 	unsigned int limit, inverse;
 
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 040dae5..c48e390 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -35,7 +35,7 @@
 union nf_conntrack_man_proto
 {
 	/* Add other protocols here. */
-	u_int16_t all;
+	__be16 all;
 
 	struct {
 		__be16 port;
@@ -73,7 +73,7 @@
 		union nf_conntrack_address u3;
 		union {
 			/* Add other protocols here. */
-			u_int16_t all;
+			__be16 all;
 
 			struct {
 				__be16 port;
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index e848d8d..deab27f 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -77,7 +77,8 @@
 hash_by_src(const struct nf_conntrack_tuple *tuple)
 {
 	/* Original src, to ensure we map it consistently if poss. */
-	return jhash_3words((__force u32)tuple->src.u3.ip, tuple->src.u.all,
+	return jhash_3words((__force u32)tuple->src.u3.ip,
+			    (__force u32)tuple->src.u.all,
 			    tuple->dst.protonum, 0) % nf_nat_htable_size;
 }
 
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 0f45427..76ec59a 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -192,7 +192,7 @@
 		= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
 		   ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip
 		   : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip);
-	u_int16_t all
+	__be16 all
 		= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
 		   ? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.all
 		   : ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.all);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index aa086c8..0fe1188 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -79,7 +79,8 @@
 	a = jhash2(tuple->src.u3.all, ARRAY_SIZE(tuple->src.u3.all),
 		   (tuple->src.l3num << 16) | tuple->dst.protonum);
 	b = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
-		   (tuple->src.u.all << 16) | tuple->dst.u.all);
+		   ((__force __u16)tuple->src.u.all << 16) |
+		    (__force __u16)tuple->dst.u.all);
 
 	return jhash_2words(a, b, rnd) % size;
 }
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 1aa6229..eb6695d 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -80,7 +80,7 @@
 
 	return jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
 		      (((tuple->dst.protonum ^ tuple->src.l3num) << 16) |
-		       tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) %
+		       (__force __u16)tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) %
 	       nf_ct_expect_hsize;
 }
 
@@ -259,8 +259,8 @@
 	}
 
 	if (src) {
-		exp->tuple.src.u.all = (__force u16)*src;
-		exp->mask.src.u.all = 0xFFFF;
+		exp->tuple.src.u.all = *src;
+		exp->mask.src.u.all = htons(0xFFFF);
 	} else {
 		exp->tuple.src.u.all = 0;
 		exp->mask.src.u.all = 0;
@@ -272,7 +272,7 @@
 		memset((void *)&exp->tuple.dst.u3 + len, 0x00,
 		       sizeof(exp->tuple.dst.u3) - len);
 
-	exp->tuple.dst.u.all = (__force u16)*dst;
+	exp->tuple.dst.u.all = *dst;
 }
 EXPORT_SYMBOL_GPL(nf_ct_expect_init);
 
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index ca10df4..96aa637 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -39,7 +39,7 @@
 static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple)
 {
 	return (((tuple->src.l3num << 8) | tuple->dst.protonum) ^
-		tuple->src.u.all) % nf_ct_helper_hsize;
+		(__force __u16)tuple->src.u.all) % nf_ct_helper_hsize;
 }
 
 struct nf_conntrack_helper *
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 3335dd5..06cff1d 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -42,13 +42,13 @@
 static u_int32_t connlimit_rnd;
 static bool connlimit_rnd_inited;
 
-static inline unsigned int connlimit_iphash(u_int32_t addr)
+static inline unsigned int connlimit_iphash(__be32 addr)
 {
 	if (unlikely(!connlimit_rnd_inited)) {
 		get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd));
 		connlimit_rnd_inited = true;
 	}
-	return jhash_1word(addr, connlimit_rnd) & 0xFF;
+	return jhash_1word((__force __u32)addr, connlimit_rnd) & 0xFF;
 }
 
 static inline unsigned int
@@ -66,7 +66,7 @@
 	for (i = 0; i < ARRAY_SIZE(addr->ip6); ++i)
 		res.ip6[i] = addr->ip6[i] & mask->ip6[i];
 
-	return jhash2(res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF;
+	return jhash2((u32 *)res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF;
 }
 
 static inline bool already_closed(const struct nf_conn *conn)
diff --git a/net/netfilter/xt_u32.c b/net/netfilter/xt_u32.c
index 04b677a..74f9b14 100644
--- a/net/netfilter/xt_u32.c
+++ b/net/netfilter/xt_u32.c
@@ -21,6 +21,7 @@
 	unsigned int nnums;
 	unsigned int nvals;
 	unsigned int i;
+	__be32 n;
 	u_int32_t pos;
 	u_int32_t val;
 	u_int32_t at;
@@ -38,9 +39,9 @@
 		if (skb->len < 4 || pos > skb->len - 4);
 			return false;
 
-		ret   = skb_copy_bits(skb, pos, &val, sizeof(val));
+		ret   = skb_copy_bits(skb, pos, &n, sizeof(n));
 		BUG_ON(ret < 0);
-		val   = ntohl(val);
+		val   = ntohl(n);
 		nnums = ct->nnums;
 
 		/* Inner loop runs over "&", "<<", ">>" and "@" operands */
@@ -65,10 +66,10 @@
 				    pos > skb->len - at - 4)
 					return false;
 
-				ret = skb_copy_bits(skb, at + pos, &val,
-						    sizeof(val));
+				ret = skb_copy_bits(skb, at + pos, &n,
+						    sizeof(n));
 				BUG_ON(ret < 0);
-				val = ntohl(val);
+				val = ntohl(n);
 				break;
 			}
 		}