tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_hook_ops structs can be const

We no longer place these on a list so they can be const.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso 591bb278 5da773a3

+18 -18
+1 -1
drivers/net/ipvlan/ipvlan_main.c
··· 15 15 unsigned int ipvl_nf_hook_refcnt; 16 16 }; 17 17 18 - static struct nf_hook_ops ipvl_nfops[] __read_mostly = { 18 + static const struct nf_hook_ops ipvl_nfops[] = { 19 19 { 20 20 .hook = ipvlan_nf_input, 21 21 .pf = NFPROTO_IPV4,
+1 -1
net/bridge/br_netfilter_hooks.c
··· 887 887 888 888 /* For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because 889 889 * br_dev_queue_push_xmit is called afterwards */ 890 - static struct nf_hook_ops br_nf_ops[] __read_mostly = { 890 + static const struct nf_hook_ops br_nf_ops[] = { 891 891 { 892 892 .hook = br_nf_pre_routing, 893 893 .pf = NFPROTO_BRIDGE,
+1 -1
net/bridge/netfilter/ebtable_filter.c
··· 70 70 return ebt_do_table(skb, state, state->net->xt.frame_filter); 71 71 } 72 72 73 - static struct nf_hook_ops ebt_ops_filter[] __read_mostly = { 73 + static const struct nf_hook_ops ebt_ops_filter[] = { 74 74 { 75 75 .hook = ebt_in_hook, 76 76 .pf = NFPROTO_BRIDGE,
+1 -1
net/bridge/netfilter/ebtable_nat.c
··· 70 70 return ebt_do_table(skb, state, state->net->xt.frame_nat); 71 71 } 72 72 73 - static struct nf_hook_ops ebt_ops_nat[] __read_mostly = { 73 + static const struct nf_hook_ops ebt_ops_nat[] = { 74 74 { 75 75 .hook = ebt_nat_out, 76 76 .pf = NFPROTO_BRIDGE,
+1 -1
net/decnet/netfilter/dn_rtmsg.c
··· 115 115 RCV_SKB_FAIL(-EINVAL); 116 116 } 117 117 118 - static struct nf_hook_ops dnrmg_ops __read_mostly = { 118 + static const struct nf_hook_ops dnrmg_ops = { 119 119 .hook = dnrmg_hook, 120 120 .pf = NFPROTO_DECNET, 121 121 .hooknum = NF_DN_ROUTE,
+1 -1
net/ipv4/netfilter/ipt_CLUSTERIP.c
··· 624 624 return NF_ACCEPT; 625 625 } 626 626 627 - static struct nf_hook_ops cip_arp_ops __read_mostly = { 627 + static const struct nf_hook_ops cip_arp_ops = { 628 628 .hook = arp_mangle, 629 629 .pf = NFPROTO_ARP, 630 630 .hooknum = NF_ARP_OUT,
+1 -1
net/ipv4/netfilter/ipt_SYNPROXY.c
··· 416 416 return NF_ACCEPT; 417 417 } 418 418 419 - static struct nf_hook_ops ipv4_synproxy_ops[] __read_mostly = { 419 + static const struct nf_hook_ops ipv4_synproxy_ops[] = { 420 420 { 421 421 .hook = ipv4_synproxy_hook, 422 422 .pf = NFPROTO_IPV4,
+1 -1
net/ipv4/netfilter/iptable_nat.c
··· 67 67 return nf_nat_ipv4_local_fn(priv, skb, state, iptable_nat_do_chain); 68 68 } 69 69 70 - static struct nf_hook_ops nf_nat_ipv4_ops[] __read_mostly = { 70 + static const struct nf_hook_ops nf_nat_ipv4_ops[] = { 71 71 /* Before packet filtering, change destination */ 72 72 { 73 73 .hook = iptable_nat_ipv4_in,
+1 -1
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
··· 174 174 175 175 /* Connection tracking may drop packets, but never alters them, so 176 176 make it the first hook. */ 177 - static struct nf_hook_ops ipv4_conntrack_ops[] __read_mostly = { 177 + static const struct nf_hook_ops ipv4_conntrack_ops[] = { 178 178 { 179 179 .hook = ipv4_conntrack_in, 180 180 .pf = NFPROTO_IPV4,
+1 -1
net/ipv4/netfilter/nf_defrag_ipv4.c
··· 90 90 return NF_ACCEPT; 91 91 } 92 92 93 - static struct nf_hook_ops ipv4_defrag_ops[] = { 93 + static const struct nf_hook_ops ipv4_defrag_ops[] = { 94 94 { 95 95 .hook = ipv4_conntrack_defrag, 96 96 .pf = NFPROTO_IPV4,
+1 -1
net/ipv6/ila/ila_xlat.c
··· 208 208 return NF_ACCEPT; 209 209 } 210 210 211 - static struct nf_hook_ops ila_nf_hook_ops[] __read_mostly = { 211 + static const struct nf_hook_ops ila_nf_hook_ops[] = { 212 212 { 213 213 .hook = ila_nf_input, 214 214 .pf = NFPROTO_IPV6,
+1 -1
net/ipv6/netfilter/ip6t_SYNPROXY.c
··· 438 438 return NF_ACCEPT; 439 439 } 440 440 441 - static struct nf_hook_ops ipv6_synproxy_ops[] __read_mostly = { 441 + static const struct nf_hook_ops ipv6_synproxy_ops[] = { 442 442 { 443 443 .hook = ipv6_synproxy_hook, 444 444 .pf = NFPROTO_IPV6,
+1 -1
net/ipv6/netfilter/ip6table_nat.c
··· 69 69 return nf_nat_ipv6_local_fn(priv, skb, state, ip6table_nat_do_chain); 70 70 } 71 71 72 - static struct nf_hook_ops nf_nat_ipv6_ops[] __read_mostly = { 72 + static const struct nf_hook_ops nf_nat_ipv6_ops[] = { 73 73 /* Before packet filtering, change destination */ 74 74 { 75 75 .hook = ip6table_nat_in,
+1 -1
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
··· 191 191 return nf_conntrack_in(state->net, PF_INET6, state->hook, skb); 192 192 } 193 193 194 - static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = { 194 + static const struct nf_hook_ops ipv6_conntrack_ops[] = { 195 195 { 196 196 .hook = ipv6_conntrack_in, 197 197 .pf = NFPROTO_IPV6,
+1 -1
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
··· 74 74 return err == 0 ? NF_ACCEPT : NF_DROP; 75 75 } 76 76 77 - static struct nf_hook_ops ipv6_defrag_ops[] = { 77 + static const struct nf_hook_ops ipv6_defrag_ops[] = { 78 78 { 79 79 .hook = ipv6_defrag, 80 80 .pf = NFPROTO_IPV6,
+1 -1
net/netfilter/ipvs/ip_vs_core.c
··· 2101 2101 #endif 2102 2102 2103 2103 2104 - static struct nf_hook_ops ip_vs_ops[] __read_mostly = { 2104 + static const struct nf_hook_ops ip_vs_ops[] = { 2105 2105 /* After packet filtering, change source only for VS/NAT */ 2106 2106 { 2107 2107 .hook = ip_vs_reply4,
+1 -1
security/selinux/hooks.c
··· 6530 6530 6531 6531 #if defined(CONFIG_NETFILTER) 6532 6532 6533 - static struct nf_hook_ops selinux_nf_ops[] = { 6533 + static const struct nf_hook_ops selinux_nf_ops[] = { 6534 6534 { 6535 6535 .hook = selinux_ipv4_postroute, 6536 6536 .pf = NFPROTO_IPV4,
+1 -1
security/smack/smack_netfilter.c
··· 58 58 return NF_ACCEPT; 59 59 } 60 60 61 - static struct nf_hook_ops smack_nf_ops[] = { 61 + static const struct nf_hook_ops smack_nf_ops[] = { 62 62 { 63 63 .hook = smack_ipv4_output, 64 64 .pf = NFPROTO_IPV4,