diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-08-24 08:56:30 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2009-08-24 08:56:30 -0400 |
| commit | 35aad0ffdf548617940ca1e78be1f2e0bafc4496 (patch) | |
| tree | 1cab1705197cd247a5b5809e768e89f630c8460e | |
| parent | dc05a564ab1b3a1957927da50912964b61f7da69 (diff) | |
netfilter: xtables: mark initial tables constant
The inputted table is never modified, so should be considered const.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
22 files changed, 42 insertions, 37 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 4fa6e4c263e0..812cb153cabb 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -407,7 +407,7 @@ extern int xt_check_target(struct xt_tgchk_param *, | |||
| 407 | unsigned int size, u_int8_t proto, bool inv_proto); | 407 | unsigned int size, u_int8_t proto, bool inv_proto); |
| 408 | 408 | ||
| 409 | extern struct xt_table *xt_register_table(struct net *net, | 409 | extern struct xt_table *xt_register_table(struct net *net, |
| 410 | struct xt_table *table, | 410 | const struct xt_table *table, |
| 411 | struct xt_table_info *bootstrap, | 411 | struct xt_table_info *bootstrap, |
| 412 | struct xt_table_info *newinfo); | 412 | struct xt_table_info *newinfo); |
| 413 | extern void *xt_unregister_table(struct xt_table *table); | 413 | extern void *xt_unregister_table(struct xt_table *table); |
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 590ac3d6d5d6..6fe3e6aa10db 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
| @@ -265,7 +265,7 @@ struct arpt_error | |||
| 265 | } | 265 | } |
| 266 | 266 | ||
| 267 | extern struct xt_table *arpt_register_table(struct net *net, | 267 | extern struct xt_table *arpt_register_table(struct net *net, |
| 268 | struct xt_table *table, | 268 | const struct xt_table *table, |
| 269 | const struct arpt_replace *repl); | 269 | const struct arpt_replace *repl); |
| 270 | extern void arpt_unregister_table(struct xt_table *table); | 270 | extern void arpt_unregister_table(struct xt_table *table); |
| 271 | extern unsigned int arpt_do_table(struct sk_buff *skb, | 271 | extern unsigned int arpt_do_table(struct sk_buff *skb, |
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h index e40ddb94b1af..ea281e6a2048 100644 --- a/include/linux/netfilter_bridge/ebtables.h +++ b/include/linux/netfilter_bridge/ebtables.h | |||
| @@ -301,7 +301,7 @@ struct ebt_table | |||
| 301 | #define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \ | 301 | #define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \ |
| 302 | ~(__alignof__(struct ebt_replace)-1)) | 302 | ~(__alignof__(struct ebt_replace)-1)) |
| 303 | extern struct ebt_table *ebt_register_table(struct net *net, | 303 | extern struct ebt_table *ebt_register_table(struct net *net, |
| 304 | struct ebt_table *table); | 304 | const struct ebt_table *table); |
| 305 | extern void ebt_unregister_table(struct ebt_table *table); | 305 | extern void ebt_unregister_table(struct ebt_table *table); |
| 306 | extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb, | 306 | extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb, |
| 307 | const struct net_device *in, const struct net_device *out, | 307 | const struct net_device *in, const struct net_device *out, |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index 092bd50581a9..61fafc868a7b 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
| @@ -245,7 +245,7 @@ ipt_get_target(struct ipt_entry *e) | |||
| 245 | extern void ipt_init(void) __init; | 245 | extern void ipt_init(void) __init; |
| 246 | 246 | ||
| 247 | extern struct xt_table *ipt_register_table(struct net *net, | 247 | extern struct xt_table *ipt_register_table(struct net *net, |
| 248 | struct xt_table *table, | 248 | const struct xt_table *table, |
| 249 | const struct ipt_replace *repl); | 249 | const struct ipt_replace *repl); |
| 250 | extern void ipt_unregister_table(struct xt_table *table); | 250 | extern void ipt_unregister_table(struct xt_table *table); |
| 251 | 251 | ||
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 1089e33cf633..a64e1451ac38 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
| @@ -306,7 +306,7 @@ ip6t_get_target(struct ip6t_entry *e) | |||
| 306 | extern void ip6t_init(void) __init; | 306 | extern void ip6t_init(void) __init; |
| 307 | 307 | ||
| 308 | extern struct xt_table *ip6t_register_table(struct net *net, | 308 | extern struct xt_table *ip6t_register_table(struct net *net, |
| 309 | struct xt_table *table, | 309 | const struct xt_table *table, |
| 310 | const struct ip6t_replace *repl); | 310 | const struct ip6t_replace *repl); |
| 311 | extern void ip6t_unregister_table(struct xt_table *table); | 311 | extern void ip6t_unregister_table(struct xt_table *table); |
| 312 | extern unsigned int ip6t_do_table(struct sk_buff *skb, | 312 | extern unsigned int ip6t_do_table(struct sk_buff *skb, |
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index c751111440f8..d32ab13e728c 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c | |||
| @@ -41,7 +41,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) | |||
| 41 | return 0; | 41 | return 0; |
| 42 | } | 42 | } |
| 43 | 43 | ||
| 44 | static struct ebt_table broute_table = | 44 | static const struct ebt_table broute_table = |
| 45 | { | 45 | { |
| 46 | .name = "broute", | 46 | .name = "broute", |
| 47 | .table = &initial_table, | 47 | .table = &initial_table, |
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index 4b988db3cd4d..60b1a6ca7185 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c | |||
| @@ -50,7 +50,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) | |||
| 50 | return 0; | 50 | return 0; |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | static struct ebt_table frame_filter = | 53 | static const struct ebt_table frame_filter = |
| 54 | { | 54 | { |
| 55 | .name = "filter", | 55 | .name = "filter", |
| 56 | .table = &initial_table, | 56 | .table = &initial_table, |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 37928d5f2840..bd1c65425d4f 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
| @@ -1103,23 +1103,24 @@ free_newinfo: | |||
| 1103 | return ret; | 1103 | return ret; |
| 1104 | } | 1104 | } |
| 1105 | 1105 | ||
| 1106 | struct ebt_table *ebt_register_table(struct net *net, struct ebt_table *table) | 1106 | struct ebt_table * |
| 1107 | ebt_register_table(struct net *net, const struct ebt_table *input_table) | ||
| 1107 | { | 1108 | { |
| 1108 | struct ebt_table_info *newinfo; | 1109 | struct ebt_table_info *newinfo; |
| 1109 | struct ebt_table *t; | 1110 | struct ebt_table *t, *table; |
| 1110 | struct ebt_replace_kernel *repl; | 1111 | struct ebt_replace_kernel *repl; |
| 1111 | int ret, i, countersize; | 1112 | int ret, i, countersize; |
| 1112 | void *p; | 1113 | void *p; |
| 1113 | 1114 | ||
| 1114 | if (!table || !(repl = table->table) || !repl->entries || | 1115 | if (input_table == NULL || (repl = input_table->table) == NULL || |
| 1115 | repl->entries_size == 0 || | 1116 | repl->entries == 0 || repl->entries_size == 0 || |
| 1116 | repl->counters || table->private) { | 1117 | repl->counters != NULL || input_table->private != NULL) { |
| 1117 | BUGPRINT("Bad table data for ebt_register_table!!!\n"); | 1118 | BUGPRINT("Bad table data for ebt_register_table!!!\n"); |
| 1118 | return ERR_PTR(-EINVAL); | 1119 | return ERR_PTR(-EINVAL); |
| 1119 | } | 1120 | } |
| 1120 | 1121 | ||
| 1121 | /* Don't add one table to multiple lists. */ | 1122 | /* Don't add one table to multiple lists. */ |
| 1122 | table = kmemdup(table, sizeof(struct ebt_table), GFP_KERNEL); | 1123 | table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL); |
| 1123 | if (!table) { | 1124 | if (!table) { |
| 1124 | ret = -ENOMEM; | 1125 | ret = -ENOMEM; |
| 1125 | goto out; | 1126 | goto out; |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 7bc11ffbb845..27774c99d888 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -1778,7 +1778,8 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len | |||
| 1778 | return ret; | 1778 | return ret; |
| 1779 | } | 1779 | } |
| 1780 | 1780 | ||
| 1781 | struct xt_table *arpt_register_table(struct net *net, struct xt_table *table, | 1781 | struct xt_table *arpt_register_table(struct net *net, |
| 1782 | const struct xt_table *table, | ||
| 1782 | const struct arpt_replace *repl) | 1783 | const struct arpt_replace *repl) |
| 1783 | { | 1784 | { |
| 1784 | int ret; | 1785 | int ret; |
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index 6ecfdae7c589..97337601827a 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
| @@ -15,7 +15,7 @@ MODULE_DESCRIPTION("arptables filter table"); | |||
| 15 | #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ | 15 | #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ |
| 16 | (1 << NF_ARP_FORWARD)) | 16 | (1 << NF_ARP_FORWARD)) |
| 17 | 17 | ||
| 18 | static struct | 18 | static const struct |
| 19 | { | 19 | { |
| 20 | struct arpt_replace repl; | 20 | struct arpt_replace repl; |
| 21 | struct arpt_standard entries[3]; | 21 | struct arpt_standard entries[3]; |
| @@ -45,7 +45,7 @@ static struct | |||
| 45 | .term = ARPT_ERROR_INIT, | 45 | .term = ARPT_ERROR_INIT, |
| 46 | }; | 46 | }; |
| 47 | 47 | ||
| 48 | static struct xt_table packet_filter = { | 48 | static const struct xt_table packet_filter = { |
| 49 | .name = "filter", | 49 | .name = "filter", |
| 50 | .valid_hooks = FILTER_VALID_HOOKS, | 50 | .valid_hooks = FILTER_VALID_HOOKS, |
| 51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 0b43fd7ca04a..cde755d5eeab 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -2065,7 +2065,8 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
| 2065 | return ret; | 2065 | return ret; |
| 2066 | } | 2066 | } |
| 2067 | 2067 | ||
| 2068 | struct xt_table *ipt_register_table(struct net *net, struct xt_table *table, | 2068 | struct xt_table *ipt_register_table(struct net *net, |
| 2069 | const struct xt_table *table, | ||
| 2069 | const struct ipt_replace *repl) | 2070 | const struct ipt_replace *repl) |
| 2070 | { | 2071 | { |
| 2071 | int ret; | 2072 | int ret; |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 97dbd94a8e37..df566cbd68e5 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
| @@ -53,7 +53,7 @@ static struct | |||
| 53 | .term = IPT_ERROR_INIT, /* ERROR */ | 53 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 54 | }; | 54 | }; |
| 55 | 55 | ||
| 56 | static struct xt_table packet_filter = { | 56 | static const struct xt_table packet_filter = { |
| 57 | .name = "filter", | 57 | .name = "filter", |
| 58 | .valid_hooks = FILTER_VALID_HOOKS, | 58 | .valid_hooks = FILTER_VALID_HOOKS, |
| 59 | .me = THIS_MODULE, | 59 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 28647f10aa7e..036047f9b0f2 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
| @@ -28,7 +28,7 @@ MODULE_DESCRIPTION("iptables mangle table"); | |||
| 28 | (1 << NF_INET_POST_ROUTING)) | 28 | (1 << NF_INET_POST_ROUTING)) |
| 29 | 29 | ||
| 30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ | 30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ |
| 31 | static struct | 31 | static const struct |
| 32 | { | 32 | { |
| 33 | struct ipt_replace repl; | 33 | struct ipt_replace repl; |
| 34 | struct ipt_standard entries[5]; | 34 | struct ipt_standard entries[5]; |
| @@ -64,7 +64,7 @@ static struct | |||
| 64 | .term = IPT_ERROR_INIT, /* ERROR */ | 64 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 65 | }; | 65 | }; |
| 66 | 66 | ||
| 67 | static struct xt_table packet_mangler = { | 67 | static const struct xt_table packet_mangler = { |
| 68 | .name = "mangle", | 68 | .name = "mangle", |
| 69 | .valid_hooks = MANGLE_VALID_HOOKS, | 69 | .valid_hooks = MANGLE_VALID_HOOKS, |
| 70 | .me = THIS_MODULE, | 70 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 494784c999eb..993edc23be09 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
| @@ -9,7 +9,7 @@ | |||
| 9 | 9 | ||
| 10 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) | 10 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) |
| 11 | 11 | ||
| 12 | static struct | 12 | static const struct |
| 13 | { | 13 | { |
| 14 | struct ipt_replace repl; | 14 | struct ipt_replace repl; |
| 15 | struct ipt_standard entries[2]; | 15 | struct ipt_standard entries[2]; |
| @@ -36,7 +36,7 @@ static struct | |||
| 36 | .term = IPT_ERROR_INIT, /* ERROR */ | 36 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 37 | }; | 37 | }; |
| 38 | 38 | ||
| 39 | static struct xt_table packet_raw = { | 39 | static const struct xt_table packet_raw = { |
| 40 | .name = "raw", | 40 | .name = "raw", |
| 41 | .valid_hooks = RAW_VALID_HOOKS, | 41 | .valid_hooks = RAW_VALID_HOOKS, |
| 42 | .me = THIS_MODULE, | 42 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c index 8804e1a0f915..99eb76c65d25 100644 --- a/net/ipv4/netfilter/iptable_security.c +++ b/net/ipv4/netfilter/iptable_security.c | |||
| @@ -27,7 +27,7 @@ MODULE_DESCRIPTION("iptables security table, for MAC rules"); | |||
| 27 | (1 << NF_INET_FORWARD) | \ | 27 | (1 << NF_INET_FORWARD) | \ |
| 28 | (1 << NF_INET_LOCAL_OUT) | 28 | (1 << NF_INET_LOCAL_OUT) |
| 29 | 29 | ||
| 30 | static struct | 30 | static const struct |
| 31 | { | 31 | { |
| 32 | struct ipt_replace repl; | 32 | struct ipt_replace repl; |
| 33 | struct ipt_standard entries[3]; | 33 | struct ipt_standard entries[3]; |
| @@ -57,7 +57,7 @@ static struct | |||
| 57 | .term = IPT_ERROR_INIT, /* ERROR */ | 57 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 58 | }; | 58 | }; |
| 59 | 59 | ||
| 60 | static struct xt_table security_table = { | 60 | static const struct xt_table security_table = { |
| 61 | .name = "security", | 61 | .name = "security", |
| 62 | .valid_hooks = SECURITY_VALID_HOOKS, | 62 | .valid_hooks = SECURITY_VALID_HOOKS, |
| 63 | .me = THIS_MODULE, | 63 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 6448a9b7d6f0..9e81e0dfb4ec 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
| @@ -28,7 +28,7 @@ | |||
| 28 | (1 << NF_INET_POST_ROUTING) | \ | 28 | (1 << NF_INET_POST_ROUTING) | \ |
| 29 | (1 << NF_INET_LOCAL_OUT)) | 29 | (1 << NF_INET_LOCAL_OUT)) |
| 30 | 30 | ||
| 31 | static struct | 31 | static const struct |
| 32 | { | 32 | { |
| 33 | struct ipt_replace repl; | 33 | struct ipt_replace repl; |
| 34 | struct ipt_standard entries[3]; | 34 | struct ipt_standard entries[3]; |
| @@ -58,7 +58,7 @@ static struct | |||
| 58 | .term = IPT_ERROR_INIT, /* ERROR */ | 58 | .term = IPT_ERROR_INIT, /* ERROR */ |
| 59 | }; | 59 | }; |
| 60 | 60 | ||
| 61 | static struct xt_table nat_table = { | 61 | static const struct xt_table nat_table = { |
| 62 | .name = "nat", | 62 | .name = "nat", |
| 63 | .valid_hooks = NAT_VALID_HOOKS, | 63 | .valid_hooks = NAT_VALID_HOOKS, |
| 64 | .me = THIS_MODULE, | 64 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index a5d0c27cc26f..cc9f8ef303fd 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -2100,7 +2100,8 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
| 2100 | return ret; | 2100 | return ret; |
| 2101 | } | 2101 | } |
| 2102 | 2102 | ||
| 2103 | struct xt_table *ip6t_register_table(struct net *net, struct xt_table *table, | 2103 | struct xt_table *ip6t_register_table(struct net *net, |
| 2104 | const struct xt_table *table, | ||
| 2104 | const struct ip6t_replace *repl) | 2105 | const struct ip6t_replace *repl) |
| 2105 | { | 2106 | { |
| 2106 | int ret; | 2107 | int ret; |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 0a3ae48ac4d5..6f4383ad86f9 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
| @@ -51,7 +51,7 @@ static struct | |||
| 51 | .term = IP6T_ERROR_INIT, /* ERROR */ | 51 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 52 | }; | 52 | }; |
| 53 | 53 | ||
| 54 | static struct xt_table packet_filter = { | 54 | static const struct xt_table packet_filter = { |
| 55 | .name = "filter", | 55 | .name = "filter", |
| 56 | .valid_hooks = FILTER_VALID_HOOKS, | 56 | .valid_hooks = FILTER_VALID_HOOKS, |
| 57 | .me = THIS_MODULE, | 57 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index 0f49e005a8c5..0ad91433ed61 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
| @@ -21,7 +21,7 @@ MODULE_DESCRIPTION("ip6tables mangle table"); | |||
| 21 | (1 << NF_INET_LOCAL_OUT) | \ | 21 | (1 << NF_INET_LOCAL_OUT) | \ |
| 22 | (1 << NF_INET_POST_ROUTING)) | 22 | (1 << NF_INET_POST_ROUTING)) |
| 23 | 23 | ||
| 24 | static struct | 24 | static const struct |
| 25 | { | 25 | { |
| 26 | struct ip6t_replace repl; | 26 | struct ip6t_replace repl; |
| 27 | struct ip6t_standard entries[5]; | 27 | struct ip6t_standard entries[5]; |
| @@ -57,7 +57,7 @@ static struct | |||
| 57 | .term = IP6T_ERROR_INIT, /* ERROR */ | 57 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 58 | }; | 58 | }; |
| 59 | 59 | ||
| 60 | static struct xt_table packet_mangler = { | 60 | static const struct xt_table packet_mangler = { |
| 61 | .name = "mangle", | 61 | .name = "mangle", |
| 62 | .valid_hooks = MANGLE_VALID_HOOKS, | 62 | .valid_hooks = MANGLE_VALID_HOOKS, |
| 63 | .me = THIS_MODULE, | 63 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 679865e3d5ff..ed1a1180f3b3 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
| @@ -8,7 +8,7 @@ | |||
| 8 | 8 | ||
| 9 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) | 9 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) |
| 10 | 10 | ||
| 11 | static struct | 11 | static const struct |
| 12 | { | 12 | { |
| 13 | struct ip6t_replace repl; | 13 | struct ip6t_replace repl; |
| 14 | struct ip6t_standard entries[2]; | 14 | struct ip6t_standard entries[2]; |
| @@ -35,7 +35,7 @@ static struct | |||
| 35 | .term = IP6T_ERROR_INIT, /* ERROR */ | 35 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 36 | }; | 36 | }; |
| 37 | 37 | ||
| 38 | static struct xt_table packet_raw = { | 38 | static const struct xt_table packet_raw = { |
| 39 | .name = "raw", | 39 | .name = "raw", |
| 40 | .valid_hooks = RAW_VALID_HOOKS, | 40 | .valid_hooks = RAW_VALID_HOOKS, |
| 41 | .me = THIS_MODULE, | 41 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c index 822afabbdc88..41b444c60934 100644 --- a/net/ipv6/netfilter/ip6table_security.c +++ b/net/ipv6/netfilter/ip6table_security.c | |||
| @@ -26,7 +26,7 @@ MODULE_DESCRIPTION("ip6tables security table, for MAC rules"); | |||
| 26 | (1 << NF_INET_FORWARD) | \ | 26 | (1 << NF_INET_FORWARD) | \ |
| 27 | (1 << NF_INET_LOCAL_OUT) | 27 | (1 << NF_INET_LOCAL_OUT) |
| 28 | 28 | ||
| 29 | static struct | 29 | static const struct |
| 30 | { | 30 | { |
| 31 | struct ip6t_replace repl; | 31 | struct ip6t_replace repl; |
| 32 | struct ip6t_standard entries[3]; | 32 | struct ip6t_standard entries[3]; |
| @@ -56,7 +56,7 @@ static struct | |||
| 56 | .term = IP6T_ERROR_INIT, /* ERROR */ | 56 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 57 | }; | 57 | }; |
| 58 | 58 | ||
| 59 | static struct xt_table security_table = { | 59 | static const struct xt_table security_table = { |
| 60 | .name = "security", | 60 | .name = "security", |
| 61 | .valid_hooks = SECURITY_VALID_HOOKS, | 61 | .valid_hooks = SECURITY_VALID_HOOKS, |
| 62 | .me = THIS_MODULE, | 62 | .me = THIS_MODULE, |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 025d1a0af78b..a6ac83a93348 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
| @@ -736,16 +736,17 @@ xt_replace_table(struct xt_table *table, | |||
| 736 | } | 736 | } |
| 737 | EXPORT_SYMBOL_GPL(xt_replace_table); | 737 | EXPORT_SYMBOL_GPL(xt_replace_table); |
| 738 | 738 | ||
| 739 | struct xt_table *xt_register_table(struct net *net, struct xt_table *table, | 739 | struct xt_table *xt_register_table(struct net *net, |
| 740 | const struct xt_table *input_table, | ||
| 740 | struct xt_table_info *bootstrap, | 741 | struct xt_table_info *bootstrap, |
| 741 | struct xt_table_info *newinfo) | 742 | struct xt_table_info *newinfo) |
| 742 | { | 743 | { |
| 743 | int ret; | 744 | int ret; |
| 744 | struct xt_table_info *private; | 745 | struct xt_table_info *private; |
| 745 | struct xt_table *t; | 746 | struct xt_table *t, *table; |
| 746 | 747 | ||
| 747 | /* Don't add one object to multiple lists. */ | 748 | /* Don't add one object to multiple lists. */ |
| 748 | table = kmemdup(table, sizeof(struct xt_table), GFP_KERNEL); | 749 | table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL); |
| 749 | if (!table) { | 750 | if (!table) { |
| 750 | ret = -ENOMEM; | 751 | ret = -ENOMEM; |
| 751 | goto out; | 752 | goto out; |