netfilter: nf_hook_ops structs can be const
We no longer place these on a list so they can be const. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
5da773a3e8
commit
591bb2789b
|
@ -15,7 +15,7 @@ struct ipvlan_netns {
|
|||
unsigned int ipvl_nf_hook_refcnt;
|
||||
};
|
||||
|
||||
static struct nf_hook_ops ipvl_nfops[] __read_mostly = {
|
||||
static const struct nf_hook_ops ipvl_nfops[] = {
|
||||
{
|
||||
.hook = ipvlan_nf_input,
|
||||
.pf = NFPROTO_IPV4,
|
||||
|
|
|
@ -887,7 +887,7 @@ EXPORT_SYMBOL_GPL(br_netfilter_enable);
|
|||
|
||||
/* For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because
|
||||
* br_dev_queue_push_xmit is called afterwards */
|
||||
static struct nf_hook_ops br_nf_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops br_nf_ops[] = {
|
||||
{
|
||||
.hook = br_nf_pre_routing,
|
||||
.pf = NFPROTO_BRIDGE,
|
||||
|
|
|
@ -70,7 +70,7 @@ ebt_out_hook(void *priv, struct sk_buff *skb,
|
|||
return ebt_do_table(skb, state, state->net->xt.frame_filter);
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
|
||||
static const struct nf_hook_ops ebt_ops_filter[] = {
|
||||
{
|
||||
.hook = ebt_in_hook,
|
||||
.pf = NFPROTO_BRIDGE,
|
||||
|
|
|
@ -70,7 +70,7 @@ ebt_nat_out(void *priv, struct sk_buff *skb,
|
|||
return ebt_do_table(skb, state, state->net->xt.frame_nat);
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ebt_ops_nat[] __read_mostly = {
|
||||
static const struct nf_hook_ops ebt_ops_nat[] = {
|
||||
{
|
||||
.hook = ebt_nat_out,
|
||||
.pf = NFPROTO_BRIDGE,
|
||||
|
|
|
@ -115,7 +115,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
|
|||
RCV_SKB_FAIL(-EINVAL);
|
||||
}
|
||||
|
||||
static struct nf_hook_ops dnrmg_ops __read_mostly = {
|
||||
static const struct nf_hook_ops dnrmg_ops = {
|
||||
.hook = dnrmg_hook,
|
||||
.pf = NFPROTO_DECNET,
|
||||
.hooknum = NF_DN_ROUTE,
|
||||
|
|
|
@ -624,7 +624,7 @@ arp_mangle(void *priv,
|
|||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
static struct nf_hook_ops cip_arp_ops __read_mostly = {
|
||||
static const struct nf_hook_ops cip_arp_ops = {
|
||||
.hook = arp_mangle,
|
||||
.pf = NFPROTO_ARP,
|
||||
.hooknum = NF_ARP_OUT,
|
||||
|
|
|
@ -416,7 +416,7 @@ static unsigned int ipv4_synproxy_hook(void *priv,
|
|||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ipv4_synproxy_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops ipv4_synproxy_ops[] = {
|
||||
{
|
||||
.hook = ipv4_synproxy_hook,
|
||||
.pf = NFPROTO_IPV4,
|
||||
|
|
|
@ -67,7 +67,7 @@ static unsigned int iptable_nat_ipv4_local_fn(void *priv,
|
|||
return nf_nat_ipv4_local_fn(priv, skb, state, iptable_nat_do_chain);
|
||||
}
|
||||
|
||||
static struct nf_hook_ops nf_nat_ipv4_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops nf_nat_ipv4_ops[] = {
|
||||
/* Before packet filtering, change destination */
|
||||
{
|
||||
.hook = iptable_nat_ipv4_in,
|
||||
|
|
|
@ -174,7 +174,7 @@ static unsigned int ipv4_conntrack_local(void *priv,
|
|||
|
||||
/* Connection tracking may drop packets, but never alters them, so
|
||||
make it the first hook. */
|
||||
static struct nf_hook_ops ipv4_conntrack_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops ipv4_conntrack_ops[] = {
|
||||
{
|
||||
.hook = ipv4_conntrack_in,
|
||||
.pf = NFPROTO_IPV4,
|
||||
|
|
|
@ -90,7 +90,7 @@ static unsigned int ipv4_conntrack_defrag(void *priv,
|
|||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ipv4_defrag_ops[] = {
|
||||
static const struct nf_hook_ops ipv4_defrag_ops[] = {
|
||||
{
|
||||
.hook = ipv4_conntrack_defrag,
|
||||
.pf = NFPROTO_IPV4,
|
||||
|
|
|
@ -208,7 +208,7 @@ ila_nf_input(void *priv,
|
|||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ila_nf_hook_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops ila_nf_hook_ops[] = {
|
||||
{
|
||||
.hook = ila_nf_input,
|
||||
.pf = NFPROTO_IPV6,
|
||||
|
|
|
@ -438,7 +438,7 @@ static unsigned int ipv6_synproxy_hook(void *priv,
|
|||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ipv6_synproxy_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops ipv6_synproxy_ops[] = {
|
||||
{
|
||||
.hook = ipv6_synproxy_hook,
|
||||
.pf = NFPROTO_IPV6,
|
||||
|
|
|
@ -69,7 +69,7 @@ static unsigned int ip6table_nat_local_fn(void *priv,
|
|||
return nf_nat_ipv6_local_fn(priv, skb, state, ip6table_nat_do_chain);
|
||||
}
|
||||
|
||||
static struct nf_hook_ops nf_nat_ipv6_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops nf_nat_ipv6_ops[] = {
|
||||
/* Before packet filtering, change destination */
|
||||
{
|
||||
.hook = ip6table_nat_in,
|
||||
|
|
|
@ -191,7 +191,7 @@ static unsigned int ipv6_conntrack_local(void *priv,
|
|||
return nf_conntrack_in(state->net, PF_INET6, state->hook, skb);
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops ipv6_conntrack_ops[] = {
|
||||
{
|
||||
.hook = ipv6_conntrack_in,
|
||||
.pf = NFPROTO_IPV6,
|
||||
|
|
|
@ -74,7 +74,7 @@ static unsigned int ipv6_defrag(void *priv,
|
|||
return err == 0 ? NF_ACCEPT : NF_DROP;
|
||||
}
|
||||
|
||||
static struct nf_hook_ops ipv6_defrag_ops[] = {
|
||||
static const struct nf_hook_ops ipv6_defrag_ops[] = {
|
||||
{
|
||||
.hook = ipv6_defrag,
|
||||
.pf = NFPROTO_IPV6,
|
||||
|
|
|
@ -2101,7 +2101,7 @@ ip_vs_forward_icmp_v6(void *priv, struct sk_buff *skb,
|
|||
#endif
|
||||
|
||||
|
||||
static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
|
||||
static const struct nf_hook_ops ip_vs_ops[] = {
|
||||
/* After packet filtering, change source only for VS/NAT */
|
||||
{
|
||||
.hook = ip_vs_reply4,
|
||||
|
|
|
@ -6530,7 +6530,7 @@ security_initcall(selinux_init);
|
|||
|
||||
#if defined(CONFIG_NETFILTER)
|
||||
|
||||
static struct nf_hook_ops selinux_nf_ops[] = {
|
||||
static const struct nf_hook_ops selinux_nf_ops[] = {
|
||||
{
|
||||
.hook = selinux_ipv4_postroute,
|
||||
.pf = NFPROTO_IPV4,
|
||||
|
|
|
@ -58,7 +58,7 @@ static unsigned int smack_ipv4_output(void *priv,
|
|||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
static struct nf_hook_ops smack_nf_ops[] = {
|
||||
static const struct nf_hook_ops smack_nf_ops[] = {
|
||||
{
|
||||
.hook = smack_ipv4_output,
|
||||
.pf = NFPROTO_IPV4,
|
||||
|
|
Loading…
Reference in New Issue