From 8ef9a56ea980170e146353bc8d7b91765b801344 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 17 Nov 2018 18:25:58 +0100
Subject: [PATCH] xtables: constify struct builtin_table and struct
builtin_chain
These definitions should be const, propagate this to all existing users.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 3c7ea26c85b95a4c62355c359030d6bbdf2f8df0)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/nft.c | 42 ++++++++++++++++++------------------
iptables/nft.h | 14 ++++++------
iptables/xtables-restore.c | 4 ++--
iptables/xtables-save.c | 2 +-
iptables/xtables-translate.c | 2 +-
5 files changed, 32 insertions(+), 32 deletions(-)
|
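diff --git a/iptables/nft.c b/iptables/nft.c
index 9b479307a2fbc..7b6fb2b10686d 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -376,7 +376,7 @@ static int batch_rule_add(struct nft_handle *h, enum obj_update_type type,
 return batch_add(h, type, r);
 }
 
-struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
 [NFT_TABLE_RAW] = {
 .name = "raw",
 .type = NFT_TABLE_RAW,
@@ -513,7 +513,7 @@ struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
 
 #include <linux/netfilter_arp.h>
 
-struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
 [NFT_TABLE_FILTER] = {
 .name = "filter",
 .type = NFT_TABLE_FILTER,
@@ -536,7 +536,7 @@ struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
 
 #include <linux/netfilter_bridge.h>
 
-struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
 [NFT_TABLE_FILTER] = {
 .name = "filter",
 .type = NFT_TABLE_FILTER,
@@ -594,7 +594,7 @@ static bool nft_table_initialized(const struct nft_handle *h,
 }
 
 static int nft_table_builtin_add(struct nft_handle *h,
- struct builtin_table *_t)
+ const struct builtin_table *_t)
 {
 struct nftnl_table *t;
 int ret;
@@ -614,8 +614,8 @@ static int nft_table_builtin_add(struct nft_handle *h,
 }
 
 static struct nftnl_chain *
-nft_chain_builtin_alloc(struct builtin_table *table,
- struct builtin_chain *chain, int policy)
+nft_chain_builtin_alloc(const struct builtin_table *table,
+ const struct builtin_chain *chain, int policy)
 {
 struct nftnl_chain *c;
 
@@ -634,8 +634,8 @@ nft_chain_builtin_alloc(struct builtin_table *table,
 }
 
 static void nft_chain_builtin_add(struct nft_handle *h,
- struct builtin_table *table,
- struct builtin_chain *chain)
+ const struct builtin_table *table,
+ const struct builtin_chain *chain)
 {
 struct nftnl_chain *c;
 
@@ -647,7 +647,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
 }
 
 /* find if built-in table already exists */
-struct builtin_table *
+const struct builtin_table *
 nft_table_builtin_find(struct nft_handle *h, const char *table)
 {
 int i;
@@ -668,8 +668,8 @@ nft_table_builtin_find(struct nft_handle *h, const char *table)
 }
 
 /* find if built-in chain already exists */
-struct builtin_chain *
-nft_chain_builtin_find(struct builtin_table *t, const char *chain)
+const struct builtin_chain *
+nft_chain_builtin_find(const struct builtin_table *t, const char *chain)
 {
 int i;
 bool found = false;
@@ -685,7 +685,7 @@ nft_chain_builtin_find(struct builtin_table *t, const char *chain)
 }
 
 static void nft_chain_builtin_init(struct nft_handle *h,
- struct builtin_table *table)
+ const struct builtin_table *table)
 {
 struct nftnl_chain_list *list = nft_chain_list_get(h, table->name);
 struct nftnl_chain *c;
@@ -707,7 +707,7 @@ static void nft_chain_builtin_init(struct nft_handle *h,
 
 static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
 {
- struct builtin_table *t;
+ const struct builtin_table *t;
 
 t = nft_table_builtin_find(h, table);
 if (t == NULL)
@@ -750,7 +750,7 @@ static int nft_restart(struct nft_handle *h)
 return 0;
 }
 
-int nft_init(struct nft_handle *h, struct builtin_table *t)
+int nft_init(struct nft_handle *h, const struct builtin_table *t)
 {
 h->nl = mnl_socket_open(NETLINK_NETFILTER);
 if (h->nl == NULL)
@@ -852,8 +852,8 @@ static struct nftnl_chain *nft_chain_new(struct nft_handle *h,
 const struct xt_counters *counters)
 {
 struct nftnl_chain *c;
- struct builtin_table *_t;
- struct builtin_chain *_c;
+ const struct builtin_table *_t;
+ const struct builtin_chain *_c;
 
 _t = nft_table_builtin_find(h, table);
 if (!_t) {
@@ -1267,7 +1267,7 @@ nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
 static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
 {
 struct nft_handle *h = data;
- struct builtin_table *t;
+ const struct builtin_table *t;
 struct nftnl_chain *c;
 
 c = nftnl_chain_alloc();
@@ -1302,7 +1302,7 @@ struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 {
 char buf[16536];
 struct nlmsghdr *nlh;
- struct builtin_table *t;
+ const struct builtin_table *t;
 int ret;
 
 t = nft_table_builtin_find(h, table);
@@ -1703,7 +1703,7 @@ nft_chain_find(struct nft_handle *h, const char *table, const char *chain)
 bool nft_chain_exists(struct nft_handle *h,
 const char *table, const char *chain)
 {
- struct builtin_table *t = nft_table_builtin_find(h, table);
+ const struct builtin_table *t = nft_table_builtin_find(h, table);
 
 /* xtables does not support custom tables */
 if (!t)
@@ -1868,7 +1868,7 @@ int nft_for_each_table(struct nft_handle *h,
 
 static int __nft_table_flush(struct nft_handle *h, const char *table)
 {
- struct builtin_table *_t;
+ const struct builtin_table *_t;
 struct nftnl_table *t;
 
 t = nftnl_table_alloc();
@@ -3166,7 +3166,7 @@ static int nft_is_chain_compatible(const struct nft_handle *h,
 const struct nftnl_chain *chain)
 {
 const char *table, *name, *type, *cur_table;
- struct builtin_chain *chains;
+ const struct builtin_chain *chains;
 int i, j, prio;
 enum nf_inet_hooks hook;
 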
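Review bot: The context line `char buf[16536];` in the nft_chain_list_get hunk uses a size that looks like a mistyped power of two (16384 or 65536) rather than a deliberate limit. This commit does not touch it, but since the neighbouring declarations are being edited, it would be worth replacing the literal with a named constant and confirming that every length passed along with the buffer is derived from `sizeof(buf)`, so the two cannot drift apart. The function body continues outside the hunk, so how the buffer is filled is not visible here and should be checked before changing the size.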
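diff --git a/iptables/nft.h b/iptables/nft.h
index b9ba66b110042..bf60ab3943659 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -37,7 +37,7 @@ struct nft_handle {
 struct nftnl_batch *batch;
 struct list_head err_list;
 struct nft_family_ops *ops;
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 struct {
 struct nftnl_chain_list *chain_cache;
 bool initialized;
@@ -52,14 +52,14 @@ struct nft_handle {
 } error;
 };
 
-extern struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
-extern struct builtin_table xtables_arp[NFT_TABLE_MAX];
-extern struct builtin_table xtables_bridge[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_arp[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_bridge[NFT_TABLE_MAX];
 
 int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
 int (*cb)(const struct nlmsghdr *nlh, void *data),
 void *data);
-int nft_init(struct nft_handle *h, struct builtin_table *t);
+int nft_init(struct nft_handle *h, const struct builtin_table *t);
 void nft_fini(struct nft_handle *h);
 
 /*
@@ -73,7 +73,7 @@ bool nft_table_find(struct nft_handle *h, const char *tablename);
 int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list);
 int nft_table_flush(struct nft_handle *h, const char *table);
 void nft_table_new(struct nft_handle *h, const char *table);
-struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
+const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
 
 /*
 * Operations with chains.
@@ -92,7 +92,7 @@ int nft_chain_user_flush(struct nft_handle *h, struct nftnl_chain_list *list,
 const char *chain, const char *table);
 int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *table, const char *newname);
 int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char *table, bool verbose);
-struct builtin_chain *nft_chain_builtin_find(struct builtin_table *t, const char *chain);
+const struct builtin_chain *nft_chain_builtin_find(const struct builtin_table *t, const char *chain);
 bool nft_chain_exists(struct nft_handle *h, const char *table, const char *chain);
 
 /*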
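Review bot: `struct nft_family_ops *ops;` stays a mutable pointer in struct nft_handle, directly above the member this hunk turns into `const struct builtin_table *tables;`. If the family ops are, as the name suggests, fixed tables of callbacks, they deserve the same treatment, `const struct nft_family_ops *ops;`, because a function-pointer table kept in read-only data cannot be redirected by a stray or corrupted write. The definition of struct nft_family_ops and the code that uses `ops` are outside the hunk, so whether anything assigns through it needs checking first.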
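diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index a46a92955a01a..642876d6c70ac 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -105,9 +105,9 @@ void xtables_restore_parse(struct nft_handle *h,
 struct nft_xt_restore_cb *cb,
 int argc, char *argv[])
 {
+ const struct builtin_table *curtable = NULL;
 char buffer[10240];
 int in_table = 0;
- struct builtin_table *curtable = NULL;
 const struct xtc_ops *ops = &xtc_ops;
 struct nftnl_chain_list *chain_list = NULL;
 
@@ -359,7 +359,7 @@ void xtables_restore_parse(struct nft_handle *h,
 static int
 xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 {
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 struct nft_handle h = {
 .family = family,
 .restore = true,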
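diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index d121d50e180ff..414a864b6196b 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -122,7 +122,7 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 static int
 xtables_save_main(int family, const char *progname, int argc, char *argv[])
 {
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 const char *tablename = NULL;
 bool dump = false;
 struct nft_handle h = {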
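diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 849c53f30e155..e1d2a7d6cce88 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -426,7 +426,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
 int family,
 const char *progname)
 {
- struct builtin_table *tables;
+ const struct builtin_table *tables;
 int ret;
 
 xtables_globals.program_name = progname;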
--
2.20.1