Patch by Jeremy Drake.

Adds support for building with PaX hardened kernel

--- a/ipt_NETFLOW.c
+++ b/ipt_NETFLOW.c
@@ -371,14 +371,13 @@
 static int hsize_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
                         void __user *buffer, size_t *lenp, loff_t *fpos)
 {
-       void *orig = ctl->data;
+       ctl_table_no_const lctl = *ctl;
        int ret, hsize;
 
        if (write)
-               ctl->data = &hsize;
-       ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+               lctl.data = &hsize;
+       ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
        if (write) {
-               ctl->data = orig;
                if (hsize < 1)
                        return -EPERM;
                return set_hashsize(hsize)?:ret;
@@ -391,6 +390,7 @@
 {
        int ret;
        struct ipt_netflow_sock *usock;
+       ctl_table_no_const lctl = *ctl;
        
        read_lock(&sock_lock);
        if (list_empty(&usock_list)) {
@@ -401,8 +401,8 @@
        sndbuf = usock->sock->sk->sk_sndbuf;
        read_unlock(&sock_lock);
 
-       ctl->data = &sndbuf;
-       ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+       lctl.data = &sndbuf;
+       ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
        if (!write)
                return ret;
        if (sndbuf < SOCK_MIN_SNDBUF)
@@ -449,12 +449,13 @@
 static int flush_procctl(ctl_table *ctl, int write, BEFORE2632(struct file *filp,)
                         void __user *buffer, size_t *lenp, loff_t *fpos)
 {
+       ctl_table_no_const lctl = *ctl;
        int ret;
        int val;
 
        val = 0;
-       ctl->data = &val;
-       ret = proc_dointvec(ctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
+       lctl.data = &val;
+       ret = proc_dointvec(&lctl, write, BEFORE2632(filp,) buffer, lenp, fpos);
 
        if (!write)
                return ret;