These definitions should be const, propagate this to all existing users.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 iptables/nft.c | 42 +++++++++++++++++++++---------------------
 iptables/nft.h | 14 +++++++-------
 iptables/xtables-restore.c | 4 ++--
 iptables/xtables-save.c | 2 +-
 iptables/xtables-translate.c | 2 +-
 5 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index 618171e3208a..0223c0ed1000 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -376,7 +376,7 @@ static int batch_rule_add(struct nft_handle *h, enum obj_update_type type,
 return batch_add(h, type, r);
 }
 
-struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
 [NFT_TABLE_RAW] = {
 .name = "raw",
 .type = NFT_TABLE_RAW,
@@ -513,7 +513,7 @@ struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
 
 #include <linux/netfilter_arp.h>
 
-struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
 [NFT_TABLE_FILTER] = {
 .name = "filter",
 .type = NFT_TABLE_FILTER,
@@ -536,7 +536,7 @@ struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
 
 #include <linux/netfilter_bridge.h>
 
-struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
 [NFT_TABLE_FILTER] = {
 .name = "filter",
 .type = NFT_TABLE_FILTER,
@@ -594,7 +594,7 @@ static bool nft_table_initialized(const struct nft_handle *h,
 }
 
 static int nft_table_builtin_add(struct nft_handle *h,
- struct builtin_table *_t)
+ const struct builtin_table *_t)
 {
 struct nftnl_table *t;
 int ret;
@@ -614,8 +614,8 @@ static int nft_table_builtin_add(struct nft_handle *h,
 }
 
 static struct nftnl_chain *
-nft_chain_builtin_alloc(struct builtin_table *table,
- struct builtin_chain *chain, int policy)
+nft_chain_builtin_alloc(const struct builtin_table *table,
+ const struct builtin_chain *chain, int policy)
 {
 struct nftnl_chain *c;
 
@@ -634,8 +634,8 @@ nft_chain_builtin_alloc(struct builtin_table *table,
 }
 
 static void nft_chain_builtin_add(struct nft_handle *h,
- struct builtin_table *table,
- struct builtin_chain *chain)
+ const struct builtin_table *table,
+ const struct builtin_chain *chain)
 {
 struct nftnl_chain *c;
 
@@ -647,7 +647,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
 }
 
 /* find if built-in table already exists */
-struct builtin_table *
+const struct builtin_table *
 nft_table_builtin_find(struct nft_handle *h, const char *table)
 {
 int i;
@@ -668,8 +668,8 @@ nft_table_builtin_find(struct nft_handle *h, const char *table)
 }
 
 /* find if built-in chain already exists */
-struct builtin_chain *
-nft_chain_builtin_find(struct builtin_table *t, const char *chain)
+const struct builtin_chain *
+nft_chain_builtin_find(const struct builtin_table *t, const char *chain)
 {
 int i;
 bool found = false;
@@ -685,7 +685,7 @@ nft_chain_builtin_find(struct builtin_table *t, const char *chain)
 }
 
 static void nft_chain_builtin_init(struct nft_handle *h,
- struct builtin_table *table)
+ const struct builtin_table *table)
 {
 struct nftnl_chain_list *list = nft_chain_list_get(h, table->name);
 struct nftnl_chain *c;
@@ -707,7 +707,7 @@ static void nft_chain_builtin_init(struct nft_handle *h,
 
 static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
 {
- struct builtin_table *t;
+ const struct builtin_table *t;
 
 t = nft_table_builtin_find(h, table);
 if (t == NULL)
@@ -750,7 +750,7 @@ static int nft_restart(struct nft_handle *h)
 return 0;
 }
 
-int nft_init(struct nft_handle *h, struct builtin_table *t)
+int nft_init(struct nft_handle *h, const struct builtin_table *t)
 {
 h->nl = mnl_socket_open(NETLINK_NETFILTER);
 if (h->nl == NULL)
@@ -852,8 +852,8 @@ static struct nftnl_chain *nft_chain_new(struct nft_handle *h,
 const struct xt_counters *counters)
 {
 struct nftnl_chain *c;
- struct builtin_table *_t;
- struct builtin_chain *_c;
+ const struct builtin_table *_t;
+ const struct builtin_chain *_c;
 
 _t = nft_table_builtin_find(h, table);
 if (!_t) {
@@ -1294,7 +1294,7 @@ nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
 static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
 {
 struct nft_handle *h = data;
- struct builtin_table *t;
+ const struct builtin_table *t;
 struct nftnl_chain *c;
 
 c = nftnl_chain_alloc();
@@ -1329,7 +1329,7 @@ struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 {
 char buf[16536];
 struct nlmsghdr *nlh;
- struct builtin_table *t;
+ const struct builtin_table *t;
 int ret;
 
 t = nft_table_builtin_find(h, table);
@@ -1730,7 +1730,7 @@ nft_chain_find(struct nft_handle *h, const char *table, const char *chain)
 bool nft_chain_exists(struct nft_handle *h,
 const char *table, const char *chain)
 {
- struct builtin_table *t = nft_table_builtin_find(h, table);
+ const struct builtin_table *t = nft_table_builtin_find(h, table);
 
 /* xtables does not support custom tables */
 if (!t)
@@ -1895,7 +1895,7 @@ int nft_for_each_table(struct nft_handle *h,
 
 static int __nft_table_flush(struct nft_handle *h, const char *table)
 {
- struct builtin_table *_t;
+ const struct builtin_table *_t;
 struct nftnl_table *t;
 
 t = nftnl_table_alloc();
@@ -3193,7 +3193,7 @@ static int nft_is_chain_compatible(const struct nft_handle *h,
 const struct nftnl_chain *chain)
 {
 const char *table, *name, *type, *cur_table;
- struct builtin_chain *chains;
+ const struct builtin_chain *chains;
 int i, j, prio;
 enum nf_inet_hooks hook;
 
diff --git a/iptables/nft.h b/iptables/nft.h
index 9fe83ad134da..711199948a89 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -37,7 +37,7 @@ struct nft_handle {
 struct nftnl_batch *batch;
 struct list_head err_list;
 struct nft_family_ops *ops;
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 struct {
 struct nftnl_chain_list *chain_cache;
 bool initialized;
@@ -52,14 +52,14 @@ struct nft_handle {
 } error;
 };
 
-extern struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
-extern struct builtin_table xtables_arp[NFT_TABLE_MAX];
-extern struct builtin_table xtables_bridge[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_arp[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_bridge[NFT_TABLE_MAX];
 
 int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
 int (*cb)(const struct nlmsghdr *nlh, void *data),
 void *data);
-int nft_init(struct nft_handle *h, struct builtin_table *t);
+int nft_init(struct nft_handle *h, const struct builtin_table *t);
 void nft_fini(struct nft_handle *h);
 
 /*
@@ -73,7 +73,7 @@ bool nft_table_find(struct nft_handle *h, const char *tablename);
 int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list);
 int nft_table_flush(struct nft_handle *h, const char *table);
 void nft_table_new(struct nft_handle *h, const char *table);
-struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
+const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
 
 /*
 * Operations with chains.
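Review bot: In `struct nft_handle`, the `ops` member on the line just above the changed `tables` pointer is still declared `struct nft_family_ops *ops;`, so the handle keeps a writable pointer to what appears to be another set of static definitions. If the per-family ops structures are never written after they are defined (their definitions are not visible in this patch), the same treatment would apply: `const struct nft_family_ops *ops;`, which lets the compiler reject stray writes and lets those tables live in read-only data too. The struct starts and ends outside the hunk.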
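Review bot: The three `extern const struct builtin_table` declarations carry no comment saying what the arrays are or why they are read-only, and the commit message only says they "should be const". A one-line comment above them would record the contract for future callers, for example `/* Built-in table and chain definitions: shared, read-only; per-handle state is kept in struct nft_handle. */`. The `chain_cache` and `initialized` members visible in the previous hunk suggest the mutable state already lives in the handle, but whether that covers every per-table field is an assumption to confirm against `struct builtin_table`, which is not shown here.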
@@ -92,7 +92,7 @@ int nft_chain_user_flush(struct nft_handle *h, struct nftnl_chain_list *list,
 const char *chain, const char *table);
 int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *table, const char *newname);
 int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char *table, bool verbose);
-struct builtin_chain *nft_chain_builtin_find(struct builtin_table *t, const char *chain);
+const struct builtin_chain *nft_chain_builtin_find(const struct builtin_table *t, const char *chain);
 bool nft_chain_exists(struct nft_handle *h, const char *table, const char *chain);
 
 /*
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index a46a92955a01..642876d6c70a 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -105,9 +105,9 @@ void xtables_restore_parse(struct nft_handle *h,
 struct nft_xt_restore_cb *cb,
 int argc, char *argv[])
 {
+ const struct builtin_table *curtable = NULL;
 char buffer[10240];
 int in_table = 0;
- struct builtin_table *curtable = NULL;
 const struct xtc_ops *ops = &xtc_ops;
 struct nftnl_chain_list *chain_list = NULL;
 
@@ -359,7 +359,7 @@ void xtables_restore_parse(struct nft_handle *h,
 static int
 xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 {
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 struct nft_handle h = {
 .family = family,
 .restore = true,
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index d121d50e180f..414a864b6196 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -122,7 +122,7 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 static int
 xtables_save_main(int family, const char *progname, int argc, char *argv[])
 {
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 const char *tablename = NULL;
 bool dump = false;
 struct nft_handle h = {
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 849c53f30e15..e1d2a7d6cce8 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -426,7 +426,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
 int family,
 const char *progname)
 {
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 int ret;
 
 xtables_globals.program_name = progname;
-- 2.11.0