diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/bridge/netfilter/ebtable_broute.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtable_filter.c | 2 | ||||
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 13 | ||||
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_security.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 3 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 2 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_security.c | 4 | ||||
-rw-r--r-- | net/netfilter/x_tables.c | 7 |
17 files changed, 37 insertions, 32 deletions
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index c751111440f8..d32ab13e728c 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c | |||
@@ -41,7 +41,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) | |||
41 | return 0; | 41 | return 0; |
42 | } | 42 | } |
43 | 43 | ||
44 | static struct ebt_table broute_table = | 44 | static const struct ebt_table broute_table = |
45 | { | 45 | { |
46 | .name = "broute", | 46 | .name = "broute", |
47 | .table = &initial_table, | 47 | .table = &initial_table, |
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index 4b988db3cd4d..60b1a6ca7185 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c | |||
@@ -50,7 +50,7 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) | |||
50 | return 0; | 50 | return 0; |
51 | } | 51 | } |
52 | 52 | ||
53 | static struct ebt_table frame_filter = | 53 | static const struct ebt_table frame_filter = |
54 | { | 54 | { |
55 | .name = "filter", | 55 | .name = "filter", |
56 | .table = &initial_table, | 56 | .table = &initial_table, |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 37928d5f2840..bd1c65425d4f 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -1103,23 +1103,24 @@ free_newinfo: | |||
1103 | return ret; | 1103 | return ret; |
1104 | } | 1104 | } |
1105 | 1105 | ||
1106 | struct ebt_table *ebt_register_table(struct net *net, struct ebt_table *table) | 1106 | struct ebt_table * |
1107 | ebt_register_table(struct net *net, const struct ebt_table *input_table) | ||
1107 | { | 1108 | { |
1108 | struct ebt_table_info *newinfo; | 1109 | struct ebt_table_info *newinfo; |
1109 | struct ebt_table *t; | 1110 | struct ebt_table *t, *table; |
1110 | struct ebt_replace_kernel *repl; | 1111 | struct ebt_replace_kernel *repl; |
1111 | int ret, i, countersize; | 1112 | int ret, i, countersize; |
1112 | void *p; | 1113 | void *p; |
1113 | 1114 | ||
1114 | if (!table || !(repl = table->table) || !repl->entries || | 1115 | if (input_table == NULL || (repl = input_table->table) == NULL || |
1115 | repl->entries_size == 0 || | 1116 | repl->entries == 0 || repl->entries_size == 0 || |
1116 | repl->counters || table->private) { | 1117 | repl->counters != NULL || input_table->private != NULL) { |
1117 | BUGPRINT("Bad table data for ebt_register_table!!!\n"); | 1118 | BUGPRINT("Bad table data for ebt_register_table!!!\n"); |
1118 | return ERR_PTR(-EINVAL); | 1119 | return ERR_PTR(-EINVAL); |
1119 | } | 1120 | } |
1120 | 1121 | ||
1121 | /* Don't add one table to multiple lists. */ | 1122 | /* Don't add one table to multiple lists. */ |
1122 | table = kmemdup(table, sizeof(struct ebt_table), GFP_KERNEL); | 1123 | table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL); |
1123 | if (!table) { | 1124 | if (!table) { |
1124 | ret = -ENOMEM; | 1125 | ret = -ENOMEM; |
1125 | goto out; | 1126 | goto out; |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 7bc11ffbb845..27774c99d888 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -1778,7 +1778,8 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len | |||
1778 | return ret; | 1778 | return ret; |
1779 | } | 1779 | } |
1780 | 1780 | ||
1781 | struct xt_table *arpt_register_table(struct net *net, struct xt_table *table, | 1781 | struct xt_table *arpt_register_table(struct net *net, |
1782 | const struct xt_table *table, | ||
1782 | const struct arpt_replace *repl) | 1783 | const struct arpt_replace *repl) |
1783 | { | 1784 | { |
1784 | int ret; | 1785 | int ret; |
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index 6ecfdae7c589..97337601827a 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
@@ -15,7 +15,7 @@ MODULE_DESCRIPTION("arptables filter table"); | |||
15 | #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ | 15 | #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \ |
16 | (1 << NF_ARP_FORWARD)) | 16 | (1 << NF_ARP_FORWARD)) |
17 | 17 | ||
18 | static struct | 18 | static const struct |
19 | { | 19 | { |
20 | struct arpt_replace repl; | 20 | struct arpt_replace repl; |
21 | struct arpt_standard entries[3]; | 21 | struct arpt_standard entries[3]; |
@@ -45,7 +45,7 @@ static struct | |||
45 | .term = ARPT_ERROR_INIT, | 45 | .term = ARPT_ERROR_INIT, |
46 | }; | 46 | }; |
47 | 47 | ||
48 | static struct xt_table packet_filter = { | 48 | static const struct xt_table packet_filter = { |
49 | .name = "filter", | 49 | .name = "filter", |
50 | .valid_hooks = FILTER_VALID_HOOKS, | 50 | .valid_hooks = FILTER_VALID_HOOKS, |
51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 0b43fd7ca04a..cde755d5eeab 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -2065,7 +2065,8 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
2065 | return ret; | 2065 | return ret; |
2066 | } | 2066 | } |
2067 | 2067 | ||
2068 | struct xt_table *ipt_register_table(struct net *net, struct xt_table *table, | 2068 | struct xt_table *ipt_register_table(struct net *net, |
2069 | const struct xt_table *table, | ||
2069 | const struct ipt_replace *repl) | 2070 | const struct ipt_replace *repl) |
2070 | { | 2071 | { |
2071 | int ret; | 2072 | int ret; |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 97dbd94a8e37..df566cbd68e5 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -53,7 +53,7 @@ static struct | |||
53 | .term = IPT_ERROR_INIT, /* ERROR */ | 53 | .term = IPT_ERROR_INIT, /* ERROR */ |
54 | }; | 54 | }; |
55 | 55 | ||
56 | static struct xt_table packet_filter = { | 56 | static const struct xt_table packet_filter = { |
57 | .name = "filter", | 57 | .name = "filter", |
58 | .valid_hooks = FILTER_VALID_HOOKS, | 58 | .valid_hooks = FILTER_VALID_HOOKS, |
59 | .me = THIS_MODULE, | 59 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 28647f10aa7e..036047f9b0f2 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -28,7 +28,7 @@ MODULE_DESCRIPTION("iptables mangle table"); | |||
28 | (1 << NF_INET_POST_ROUTING)) | 28 | (1 << NF_INET_POST_ROUTING)) |
29 | 29 | ||
30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ | 30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ |
31 | static struct | 31 | static const struct |
32 | { | 32 | { |
33 | struct ipt_replace repl; | 33 | struct ipt_replace repl; |
34 | struct ipt_standard entries[5]; | 34 | struct ipt_standard entries[5]; |
@@ -64,7 +64,7 @@ static struct | |||
64 | .term = IPT_ERROR_INIT, /* ERROR */ | 64 | .term = IPT_ERROR_INIT, /* ERROR */ |
65 | }; | 65 | }; |
66 | 66 | ||
67 | static struct xt_table packet_mangler = { | 67 | static const struct xt_table packet_mangler = { |
68 | .name = "mangle", | 68 | .name = "mangle", |
69 | .valid_hooks = MANGLE_VALID_HOOKS, | 69 | .valid_hooks = MANGLE_VALID_HOOKS, |
70 | .me = THIS_MODULE, | 70 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 494784c999eb..993edc23be09 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
@@ -9,7 +9,7 @@ | |||
9 | 9 | ||
10 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) | 10 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) |
11 | 11 | ||
12 | static struct | 12 | static const struct |
13 | { | 13 | { |
14 | struct ipt_replace repl; | 14 | struct ipt_replace repl; |
15 | struct ipt_standard entries[2]; | 15 | struct ipt_standard entries[2]; |
@@ -36,7 +36,7 @@ static struct | |||
36 | .term = IPT_ERROR_INIT, /* ERROR */ | 36 | .term = IPT_ERROR_INIT, /* ERROR */ |
37 | }; | 37 | }; |
38 | 38 | ||
39 | static struct xt_table packet_raw = { | 39 | static const struct xt_table packet_raw = { |
40 | .name = "raw", | 40 | .name = "raw", |
41 | .valid_hooks = RAW_VALID_HOOKS, | 41 | .valid_hooks = RAW_VALID_HOOKS, |
42 | .me = THIS_MODULE, | 42 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c index 8804e1a0f915..99eb76c65d25 100644 --- a/net/ipv4/netfilter/iptable_security.c +++ b/net/ipv4/netfilter/iptable_security.c | |||
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("iptables security table, for MAC rules"); | |||
27 | (1 << NF_INET_FORWARD) | \ | 27 | (1 << NF_INET_FORWARD) | \ |
28 | (1 << NF_INET_LOCAL_OUT) | 28 | (1 << NF_INET_LOCAL_OUT) |
29 | 29 | ||
30 | static struct | 30 | static const struct |
31 | { | 31 | { |
32 | struct ipt_replace repl; | 32 | struct ipt_replace repl; |
33 | struct ipt_standard entries[3]; | 33 | struct ipt_standard entries[3]; |
@@ -57,7 +57,7 @@ static struct | |||
57 | .term = IPT_ERROR_INIT, /* ERROR */ | 57 | .term = IPT_ERROR_INIT, /* ERROR */ |
58 | }; | 58 | }; |
59 | 59 | ||
60 | static struct xt_table security_table = { | 60 | static const struct xt_table security_table = { |
61 | .name = "security", | 61 | .name = "security", |
62 | .valid_hooks = SECURITY_VALID_HOOKS, | 62 | .valid_hooks = SECURITY_VALID_HOOKS, |
63 | .me = THIS_MODULE, | 63 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 6448a9b7d6f0..9e81e0dfb4ec 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -28,7 +28,7 @@ | |||
28 | (1 << NF_INET_POST_ROUTING) | \ | 28 | (1 << NF_INET_POST_ROUTING) | \ |
29 | (1 << NF_INET_LOCAL_OUT)) | 29 | (1 << NF_INET_LOCAL_OUT)) |
30 | 30 | ||
31 | static struct | 31 | static const struct |
32 | { | 32 | { |
33 | struct ipt_replace repl; | 33 | struct ipt_replace repl; |
34 | struct ipt_standard entries[3]; | 34 | struct ipt_standard entries[3]; |
@@ -58,7 +58,7 @@ static struct | |||
58 | .term = IPT_ERROR_INIT, /* ERROR */ | 58 | .term = IPT_ERROR_INIT, /* ERROR */ |
59 | }; | 59 | }; |
60 | 60 | ||
61 | static struct xt_table nat_table = { | 61 | static const struct xt_table nat_table = { |
62 | .name = "nat", | 62 | .name = "nat", |
63 | .valid_hooks = NAT_VALID_HOOKS, | 63 | .valid_hooks = NAT_VALID_HOOKS, |
64 | .me = THIS_MODULE, | 64 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index a5d0c27cc26f..cc9f8ef303fd 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -2100,7 +2100,8 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
2100 | return ret; | 2100 | return ret; |
2101 | } | 2101 | } |
2102 | 2102 | ||
2103 | struct xt_table *ip6t_register_table(struct net *net, struct xt_table *table, | 2103 | struct xt_table *ip6t_register_table(struct net *net, |
2104 | const struct xt_table *table, | ||
2104 | const struct ip6t_replace *repl) | 2105 | const struct ip6t_replace *repl) |
2105 | { | 2106 | { |
2106 | int ret; | 2107 | int ret; |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 0a3ae48ac4d5..6f4383ad86f9 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -51,7 +51,7 @@ static struct | |||
51 | .term = IP6T_ERROR_INIT, /* ERROR */ | 51 | .term = IP6T_ERROR_INIT, /* ERROR */ |
52 | }; | 52 | }; |
53 | 53 | ||
54 | static struct xt_table packet_filter = { | 54 | static const struct xt_table packet_filter = { |
55 | .name = "filter", | 55 | .name = "filter", |
56 | .valid_hooks = FILTER_VALID_HOOKS, | 56 | .valid_hooks = FILTER_VALID_HOOKS, |
57 | .me = THIS_MODULE, | 57 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index 0f49e005a8c5..0ad91433ed61 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -21,7 +21,7 @@ MODULE_DESCRIPTION("ip6tables mangle table"); | |||
21 | (1 << NF_INET_LOCAL_OUT) | \ | 21 | (1 << NF_INET_LOCAL_OUT) | \ |
22 | (1 << NF_INET_POST_ROUTING)) | 22 | (1 << NF_INET_POST_ROUTING)) |
23 | 23 | ||
24 | static struct | 24 | static const struct |
25 | { | 25 | { |
26 | struct ip6t_replace repl; | 26 | struct ip6t_replace repl; |
27 | struct ip6t_standard entries[5]; | 27 | struct ip6t_standard entries[5]; |
@@ -57,7 +57,7 @@ static struct | |||
57 | .term = IP6T_ERROR_INIT, /* ERROR */ | 57 | .term = IP6T_ERROR_INIT, /* ERROR */ |
58 | }; | 58 | }; |
59 | 59 | ||
60 | static struct xt_table packet_mangler = { | 60 | static const struct xt_table packet_mangler = { |
61 | .name = "mangle", | 61 | .name = "mangle", |
62 | .valid_hooks = MANGLE_VALID_HOOKS, | 62 | .valid_hooks = MANGLE_VALID_HOOKS, |
63 | .me = THIS_MODULE, | 63 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 679865e3d5ff..ed1a1180f3b3 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
@@ -8,7 +8,7 @@ | |||
8 | 8 | ||
9 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) | 9 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) |
10 | 10 | ||
11 | static struct | 11 | static const struct |
12 | { | 12 | { |
13 | struct ip6t_replace repl; | 13 | struct ip6t_replace repl; |
14 | struct ip6t_standard entries[2]; | 14 | struct ip6t_standard entries[2]; |
@@ -35,7 +35,7 @@ static struct | |||
35 | .term = IP6T_ERROR_INIT, /* ERROR */ | 35 | .term = IP6T_ERROR_INIT, /* ERROR */ |
36 | }; | 36 | }; |
37 | 37 | ||
38 | static struct xt_table packet_raw = { | 38 | static const struct xt_table packet_raw = { |
39 | .name = "raw", | 39 | .name = "raw", |
40 | .valid_hooks = RAW_VALID_HOOKS, | 40 | .valid_hooks = RAW_VALID_HOOKS, |
41 | .me = THIS_MODULE, | 41 | .me = THIS_MODULE, |
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c index 822afabbdc88..41b444c60934 100644 --- a/net/ipv6/netfilter/ip6table_security.c +++ b/net/ipv6/netfilter/ip6table_security.c | |||
@@ -26,7 +26,7 @@ MODULE_DESCRIPTION("ip6tables security table, for MAC rules"); | |||
26 | (1 << NF_INET_FORWARD) | \ | 26 | (1 << NF_INET_FORWARD) | \ |
27 | (1 << NF_INET_LOCAL_OUT) | 27 | (1 << NF_INET_LOCAL_OUT) |
28 | 28 | ||
29 | static struct | 29 | static const struct |
30 | { | 30 | { |
31 | struct ip6t_replace repl; | 31 | struct ip6t_replace repl; |
32 | struct ip6t_standard entries[3]; | 32 | struct ip6t_standard entries[3]; |
@@ -56,7 +56,7 @@ static struct | |||
56 | .term = IP6T_ERROR_INIT, /* ERROR */ | 56 | .term = IP6T_ERROR_INIT, /* ERROR */ |
57 | }; | 57 | }; |
58 | 58 | ||
59 | static struct xt_table security_table = { | 59 | static const struct xt_table security_table = { |
60 | .name = "security", | 60 | .name = "security", |
61 | .valid_hooks = SECURITY_VALID_HOOKS, | 61 | .valid_hooks = SECURITY_VALID_HOOKS, |
62 | .me = THIS_MODULE, | 62 | .me = THIS_MODULE, |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 025d1a0af78b..a6ac83a93348 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
@@ -736,16 +736,17 @@ xt_replace_table(struct xt_table *table, | |||
736 | } | 736 | } |
737 | EXPORT_SYMBOL_GPL(xt_replace_table); | 737 | EXPORT_SYMBOL_GPL(xt_replace_table); |
738 | 738 | ||
739 | struct xt_table *xt_register_table(struct net *net, struct xt_table *table, | 739 | struct xt_table *xt_register_table(struct net *net, |
740 | const struct xt_table *input_table, | ||
740 | struct xt_table_info *bootstrap, | 741 | struct xt_table_info *bootstrap, |
741 | struct xt_table_info *newinfo) | 742 | struct xt_table_info *newinfo) |
742 | { | 743 | { |
743 | int ret; | 744 | int ret; |
744 | struct xt_table_info *private; | 745 | struct xt_table_info *private; |
745 | struct xt_table *t; | 746 | struct xt_table *t, *table; |
746 | 747 | ||
747 | /* Don't add one object to multiple lists. */ | 748 | /* Don't add one object to multiple lists. */ |
748 | table = kmemdup(table, sizeof(struct xt_table), GFP_KERNEL); | 749 | table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL); |
749 | if (!table) { | 750 | if (!table) { |
750 | ret = -ENOMEM; | 751 | ret = -ENOMEM; |
751 | goto out; | 752 | goto out; |