xtables: constify struct builtin_table and struct builtin_chain

These definitions should be const, propagate this to all existing users.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index 618171e3208aeef1a640dee93789121da62ea42e..0223c0ed10001175da5ecf8742a8a38c476742d7 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -376,7 +376,7 @@ static int batch_rule_add(struct nft_handle *h, enum obj_update_type type,
        return batch_add(h, type, r);
 }
 
-struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
        [NFT_TABLE_RAW] = {
                .name   = "raw",
                .type   = NFT_TABLE_RAW,
@@ -513,7 +513,7 @@ struct builtin_table xtables_ipv4[NFT_TABLE_MAX] = {
 
 #include <linux/netfilter_arp.h>
 
-struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
        [NFT_TABLE_FILTER] = {
        .name   = "filter",
        .type   = NFT_TABLE_FILTER,
@@ -536,7 +536,7 @@ struct builtin_table xtables_arp[NFT_TABLE_MAX] = {
 
 #include <linux/netfilter_bridge.h>
 
-struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
+const struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
        [NFT_TABLE_FILTER] = {
                .name = "filter",
                .type   = NFT_TABLE_FILTER,
@@ -594,7 +594,7 @@ static bool nft_table_initialized(const struct nft_handle *h,
 }
 
 static int nft_table_builtin_add(struct nft_handle *h,
-                                struct builtin_table *_t)
+                                const struct builtin_table *_t)
 {
        struct nftnl_table *t;
        int ret;
@@ -614,8 +614,8 @@ static int nft_table_builtin_add(struct nft_handle *h,
 }
 
 static struct nftnl_chain *
-nft_chain_builtin_alloc(struct builtin_table *table,
-                       struct builtin_chain *chain, int policy)
+nft_chain_builtin_alloc(const struct builtin_table *table,
+                       const struct builtin_chain *chain, int policy)
 {
        struct nftnl_chain *c;
 
@@ -634,8 +634,8 @@ nft_chain_builtin_alloc(struct builtin_table *table,
 }
 
 static void nft_chain_builtin_add(struct nft_handle *h,
-                                 struct builtin_table *table,
-                                 struct builtin_chain *chain)
+                                 const struct builtin_table *table,
+                                 const struct builtin_chain *chain)
 {
        struct nftnl_chain *c;
 
@@ -647,7 +647,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
 }
 
 /* find if built-in table already exists */
-struct builtin_table *
+const struct builtin_table *
 nft_table_builtin_find(struct nft_handle *h, const char *table)
 {
        int i;
@@ -668,8 +668,8 @@ nft_table_builtin_find(struct nft_handle *h, const char *table)
 }
 
 /* find if built-in chain already exists */
-struct builtin_chain *
-nft_chain_builtin_find(struct builtin_table *t, const char *chain)
+const struct builtin_chain *
+nft_chain_builtin_find(const struct builtin_table *t, const char *chain)
 {
        int i;
        bool found = false;
@@ -685,7 +685,7 @@ nft_chain_builtin_find(struct builtin_table *t, const char *chain)
 }
 
 static void nft_chain_builtin_init(struct nft_handle *h,
-                                  struct builtin_table *table)
+                                  const struct builtin_table *table)
 {
        struct nftnl_chain_list *list = nft_chain_list_get(h, table->name);
        struct nftnl_chain *c;
@@ -707,7 +707,7 @@ static void nft_chain_builtin_init(struct nft_handle *h,
 
 static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
 {
-       struct builtin_table *t;
+       const struct builtin_table *t;
 
        t = nft_table_builtin_find(h, table);
        if (t == NULL)
@@ -750,7 +750,7 @@ static int nft_restart(struct nft_handle *h)
        return 0;
 }
 
-int nft_init(struct nft_handle *h, struct builtin_table *t)
+int nft_init(struct nft_handle *h, const struct builtin_table *t)
 {
        h->nl = mnl_socket_open(NETLINK_NETFILTER);
        if (h->nl == NULL)
@@ -852,8 +852,8 @@ static struct nftnl_chain *nft_chain_new(struct nft_handle *h,
                                       const struct xt_counters *counters)
 {
        struct nftnl_chain *c;
-       struct builtin_table *_t;
-       struct builtin_chain *_c;
+       const struct builtin_table *_t;
+       const struct builtin_chain *_c;
 
        _t = nft_table_builtin_find(h, table);
        if (!_t) {
@@ -1294,7 +1294,7 @@ nft_rule_print_save(const struct nftnl_rule *r, enum nft_rule_print type,
 static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
 {
        struct nft_handle *h = data;
-       struct builtin_table *t;
+       const struct builtin_table *t;
        struct nftnl_chain *c;
 
        c = nftnl_chain_alloc();
@@ -1329,7 +1329,7 @@ struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 {
        char buf[16536];
        struct nlmsghdr *nlh;
-       struct builtin_table *t;
+       const struct builtin_table *t;
        int ret;
 
        t = nft_table_builtin_find(h, table);
@@ -1730,7 +1730,7 @@ nft_chain_find(struct nft_handle *h, const char *table, const char *chain)
 bool nft_chain_exists(struct nft_handle *h,
                      const char *table, const char *chain)
 {
-       struct builtin_table *t = nft_table_builtin_find(h, table);
+       const struct builtin_table *t = nft_table_builtin_find(h, table);
 
        /* xtables does not support custom tables */
        if (!t)
@@ -1895,7 +1895,7 @@ int nft_for_each_table(struct nft_handle *h,
 
 static int __nft_table_flush(struct nft_handle *h, const char *table)
 {
-       struct builtin_table *_t;
+       const struct builtin_table *_t;
        struct nftnl_table *t;
 
        t = nftnl_table_alloc();
@@ -3193,7 +3193,7 @@ static int nft_is_chain_compatible(const struct nft_handle *h,
                                   const struct nftnl_chain *chain)
 {
        const char *table, *name, *type, *cur_table;
-       struct builtin_chain *chains;
+       const struct builtin_chain *chains;
        int i, j, prio;
        enum nf_inet_hooks hook;
 

diff --git a/iptables/nft.h b/iptables/nft.h
index 9fe83ad134dac9d6403c33fd1ee071dc9774fc0f..711199948a89f5290091601fc7d88f9aca10cf54 100644 (file)
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -37,7 +37,7 @@ struct nft_handle {
        struct nftnl_batch      *batch;
        struct list_head        err_list;
        struct nft_family_ops   *ops;
-       struct builtin_table    *tables;
+       const struct builtin_table *tables;
        struct {
                struct nftnl_chain_list *chain_cache;
                bool                    initialized;
@@ -52,14 +52,14 @@ struct nft_handle {
        } error;
 };
 
-extern struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
-extern struct builtin_table xtables_arp[NFT_TABLE_MAX];
-extern struct builtin_table xtables_bridge[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_ipv4[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_arp[NFT_TABLE_MAX];
+extern const struct builtin_table xtables_bridge[NFT_TABLE_MAX];
 
 int mnl_talk(struct nft_handle *h, struct nlmsghdr *nlh,
             int (*cb)(const struct nlmsghdr *nlh, void *data),
             void *data);
-int nft_init(struct nft_handle *h, struct builtin_table *t);
+int nft_init(struct nft_handle *h, const struct builtin_table *t);
 void nft_fini(struct nft_handle *h);
 
 /*
@@ -73,7 +73,7 @@ bool nft_table_find(struct nft_handle *h, const char *tablename);
 int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list);
 int nft_table_flush(struct nft_handle *h, const char *table);
 void nft_table_new(struct nft_handle *h, const char *table);
-struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
+const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
 
 /*
  * Operations with chains.
@@ -92,7 +92,7 @@ int nft_chain_user_flush(struct nft_handle *h, struct nftnl_chain_list *list,
                         const char *chain, const char *table);
 int nft_chain_user_rename(struct nft_handle *h, const char *chain, const char *table, const char *newname);
 int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char *table, bool verbose);
-struct builtin_chain *nft_chain_builtin_find(struct builtin_table *t, const char *chain);
+const struct builtin_chain *nft_chain_builtin_find(const struct builtin_table *t, const char *chain);
 bool nft_chain_exists(struct nft_handle *h, const char *table, const char *chain);
 
 /*

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index a46a92955a01af1bb24c620b84ba3d20075421bf..642876d6c70aceb2e4d602d72184c2bfaa5eba08 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -105,9 +105,9 @@ void xtables_restore_parse(struct nft_handle *h,
                           struct nft_xt_restore_cb *cb,
                           int argc, char *argv[])
 {
+       const struct builtin_table *curtable = NULL;
        char buffer[10240];
        int in_table = 0;
-       struct builtin_table *curtable = NULL;
        const struct xtc_ops *ops = &xtc_ops;
        struct nftnl_chain_list *chain_list = NULL;
 
@@ -359,7 +359,7 @@ void xtables_restore_parse(struct nft_handle *h,
 static int
 xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 {
-       struct builtin_table *tables;
+       const struct builtin_table *tables;
        struct nft_handle h = {
                .family = family,
                .restore = true,

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index d121d50e180ffadabef851cbf4aa888effbcef32..414a864b6196becc23a47fffdf8b6d9ed94e5ff2 100644 (file)
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -122,7 +122,7 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 static int
 xtables_save_main(int family, const char *progname, int argc, char *argv[])
 {
-       struct builtin_table *tables;
+       const struct builtin_table *tables;
        const char *tablename = NULL;
        bool dump = false;
        struct nft_handle h = {

diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 849c53f30e1557a484b709b6243e2433e2fc370a..e1d2a7d6cce88a46ecbf6933208ed11da8429d26 100644 (file)
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -426,7 +426,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
                                     int family,
                                     const char *progname)
 {
-       struct builtin_table *tables;
+       const struct builtin_table *tables;
        int ret;
 
        xtables_globals.program_name = progname;