These definitions should be const, propagate this to all existing users.
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
iptables/nft.c | 42 +++++++++++++++++++++---------------------
iptables/nft.h | 14 +++++++-------
iptables/xtables-restore.c | 4 ++--
iptables/xtables-save.c | 2 +-
iptables/xtables-translate.c | 2 +-
5 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index 618171e3208a..0223c0ed1000 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -376,7 +376,7 @@ static int batch_rule_add(struct nft_handle *h, enum
obj_update_type type,
return batch_add(h, type, r);
}
-struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
[NFT_TABLE_RAW] = {
.name = "raw",
.type = NFT_TABLE_RAW,
@@ -513,7 +513,7 @@ struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
#include <linux/netfilter_arp.h>
-struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
[NFT_TABLE_FILTER] = {
.name = "filter",
.type = NFT_TABLE_FILTER,
@@ -536,7 +536,7 @@ struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
#include <linux/netfilter_bridge.h>
-struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
[NFT_TABLE_FILTER] = {
.name = "filter",
.type = NFT_TABLE_FILTER,
@@ -594,7 +594,7 @@ static bool nft_table_initialized(const struct nft_handle
*h,
}
static int nft_table_builtin_add(struct nft_handle *h,
- struct builtin_table *_t)
+ const struct builtin_table *_t)
{
struct nftnl_table *t;
int ret;
@@ -614,8 +614,8 @@ static int nft_table_builtin_add(struct nft_handle *h,
}
static struct nftnl_chain *
-nft_chain_builtin_alloc(struct builtin_table *table,
- struct builtin_chain *chain, int policy)
+nft_chain_builtin_alloc(const struct builtin_table *table,
+ const struct builtin_chain *chain, int policy)
{
struct nftnl_chain *c;
@@ -634,8 +634,8 @@ nft_chain_builtin_alloc(struct builtin_table *table,
}
static void nft_chain_builtin_add(struct nft_handle *h,
- struct builtin_table *table,
- struct builtin_chain *chain)
+ const struct builtin_table *table,
+ const struct builtin_chain *chain)
{
struct nftnl_chain *c;
@@ -647,7 +647,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
}
/* find if built-in table already exists */
-struct builtin_table *
+const struct builtin_table *
nft_table_builtin_find(struct nft_handle *h, const char *table)
{
int i;
@@ -668,8 +668,8 @@ nft_table_builtin_find(struct nft_handle *h, const char
*table)
}
/* find if built-in chain already exists */
-struct builtin_chain *
-nft_chain_builtin_find(struct builtin_table *t, const char *chain)
+const struct builtin_chain *
+nft_chain_builtin_find(const struct builtin_table *t, const char *chain)
{
int i;
bool found = false;
@@ -685,7 +685,7 @@ nft_chain_builtin_find(struct builtin_table *t, const char
*chain)
}
static void nft_chain_builtin_init(struct nft_handle *h,
- struct builtin_table *table)
+ const struct builtin_table *table)
{
struct nftnl_chain_list *list = nft_chain_list_get(h, table->name);
struct nftnl_chain *c;
@@ -707,7 +707,7 @@ static void nft_chain_builtin_init(struct nft_handle *h,
static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
{
- struct builtin_table *t;
+ const struct builtin_table *t;
t = nft_table_builtin_find(h, table);
if (t == NULL)
@@ -750,7 +750,7 @@ static int nft_restart(struct nft_handle *h)
return 0;
}
-int nft_init(struct nft_handle *h, struct builtin_table *t)
+int nft_init(struct nft_handle *h, const struct builtin_table *t)
{
h->nl = mnl_socket_open(NETLINK_NETFILTER);
if (h->nl == NULL)
@@ -852,8 +852,8 @@ static struct nftnl_chain *nft_chain_new(struct nft_handle
*h,
const struct xt_counters *counters)
{
struct nftnl_chain *c;
- struct builtin_table *_t;
- struct builtin_chain *_c;
+ const struct builtin_table *_t;
+ const struct builtin_chain *_c;
_t = nft_table_builtin_find(h, table);
if (!_t) {
@@ -1294,7 +1294,7 @@ nft_rule_print_save(const struct nftnl_rule *r, enum
nft_rule_print type,
static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
{
struct nft_handle *h = data;
- struct builtin_table *t;
+ const struct builtin_table *t;
struct nftnl_chain *c;
c = nftnl_chain_alloc();
@@ -1329,7 +1329,7 @@ struct nftnl_chain_list *nft_chain_list_get(struct
nft_handle *h,
{
char buf[16536];
struct nlmsghdr *nlh;
- struct builtin_table *t;
+ const struct builtin_table *t;
int ret;
t = nft_table_builtin_find(h, table);
@@ -1730,7 +1730,7 @@ nft_chain_find(struct nft_handle *h, const char *table,
const char *chain)
bool nft_chain_exists(struct nft_handle *h,
const char *table, const char *chain)
{
- struct builtin_table *t = nft_table_builtin_find(h, table);
+ const struct builtin_table *t = nft_table_builtin_find(h, table);
/* xtables does not support custom tables */
if (!t)
@@ -1895,7 +1895,7 @@ int nft_for_each_table(struct nft_handle *h,
static int __nft_table_flush(struct nft_handle *h, const char *table)
{
- struct builtin_table *_t;
+ const struct builtin_table *_t;
struct nftnl_table *t;
t = nftnl_table_alloc();
@@ -3193,7 +3193,7 @@ static int nft_is_chain_compatible(const struct
nft_handle *h,
const struct nftnl_chain *chain)
{
const char *table, *name, *type, *cur_table;
- struct builtin_chain *chains;
+ const struct builtin_chain *chains;
int i, j, prio;
enum nf_inet_hooks hook;
diff --git a/iptables/nft.h b/iptables/nft.h
index 9fe83ad134da..711199948a89 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -37,7 +37,7 @@ struct nft_handle {
struct nftnl_batch *batch;
struct list_head err_list;
struct nft_family_ops *ops;
- struct builtin_table *tables;
+ const struct builtin_table *tables;
struct {
struct nftnl_chain_list *chain_cache;
bool initialized;
@@ -52,14 +52,14 @@ struct nft_handle {
} error;
};
-extern struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
-extern struct builtin_table xtables_arp[NFT_TABLE_MAX];
-extern struct builtin_table xtables_bridge[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_arp[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_bridge[NFT_TABLE_MAX];
int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
int (*cb)(const struct nlmsghdr *nlh, void *data),
void *data);
-int nft_init(struct nft_handle *h, struct builtin_table *t);
+int nft_init(struct nft_handle *h, const struct builtin_table *t);
void nft_fini(struct nft_handle *h);
/*
@@ -73,7 +73,7 @@ bool nft_table_find(struct nft_handle *h, const char
*tablename);
int nft_table_purge_chains(struct nft_handle *h, const char *table, struct
nftnl_chain_list *list);
int nft_table_flush(struct nft_handle *h, const char *table);
void nft_table_new(struct nft_handle *h, const char *table);
-struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char
*table);
+const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const
char *table);
/*
* Operations with chains.
@@ -92,7 +92,7 @@ int nft_chain_user_flush(struct nft_handle *h, struct
nftnl_chain_list *list,
const char *chain, const char *table);
int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char
*table, const char *newname);
int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const
char *table, bool verbose);
-struct builtin_chain *nft_chain_builtin_find(struct builtin_table *t, const
char *chain);
+const struct builtin_chain *nft_chain_builtin_find(const struct builtin_table
*t, const char *chain);
bool nft_chain_exists(struct nft_handle *h, const char *table, const char
*chain);
/*
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index a46a92955a01..642876d6c70a 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -105,9 +105,9 @@ void xtables_restore_parse(struct nft_handle *h,
struct nft_xt_restore_cb *cb,
int argc, char *argv[])
{
+ const struct builtin_table *curtable = NULL;
char buffer[10240];
int in_table = 0;
- struct builtin_table *curtable = NULL;
const struct xtc_ops *ops = &xtc_ops;
struct nftnl_chain_list *chain_list = NULL;
@@ -359,7 +359,7 @@ void xtables_restore_parse(struct nft_handle *h,
static int
xtables_restore_main(int family, const char *progname, int argc, char *argv[])
{
- struct builtin_table *tables;
+ const struct builtin_table *tables;
struct nft_handle h = {
.family = family,
.restore = true,
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index d121d50e180f..414a864b6196 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -122,7 +122,7 @@ do_output(struct nft_handle *h, const char *tablename, bool
counters)
static int
xtables_save_main(int family, const char *progname, int argc, char *argv[])
{
- struct builtin_table *tables;
+ const struct builtin_table *tables;
const char *tablename = NULL;
bool dump = false;
struct nft_handle h = {
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 849c53f30e15..e1d2a7d6cce8 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -426,7 +426,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
int family,
const char *progname)
{
- struct builtin_table *tables;
+ const struct builtin_table *tables;
int ret;
xtables_globals.program_name = progname;
--
2.11.0
