netfilter: make function op structures const

[ Upstream commit 285c8a7a58158cb1805c97ff03875df2ba2ea1fe ]

No functional changes, these structures should be const.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: 62e7151ae3eb ("netfilter: bridge: confirm multicast packets before passing them up the stack")
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 64acdf22eb4fa67731babb535feb7450856ef7a6..5a665034c30bebf2734c76f5daf95e81c1a3295b 100644 (file)
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -376,13 +376,13 @@ struct nf_nat_hook {
                                  enum ip_conntrack_dir dir);
 };
 
-extern struct nf_nat_hook __rcu *nf_nat_hook;
+extern const struct nf_nat_hook __rcu *nf_nat_hook;
 
 static inline void
 nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
 {
 #if IS_ENABLED(CONFIG_NF_NAT)
-       struct nf_nat_hook *nat_hook;
+       const struct nf_nat_hook *nat_hook;
 
        rcu_read_lock();
        nat_hook = rcu_dereference(nf_nat_hook);
@@ -459,7 +459,7 @@ struct nf_ct_hook {
                              const struct sk_buff *);
        void (*attach)(struct sk_buff *nskb, const struct sk_buff *skb);
 };
-extern struct nf_ct_hook __rcu *nf_ct_hook;
+extern const struct nf_ct_hook __rcu *nf_ct_hook;
 
 struct nlattr;
 
@@ -474,7 +474,7 @@ struct nfnl_ct_hook {
        void (*seq_adjust)(struct sk_buff *skb, struct nf_conn *ct,
                           enum ip_conntrack_info ctinfo, s32 off);
 };
-extern struct nfnl_ct_hook __rcu *nfnl_ct_hook;
+extern const struct nfnl_ct_hook __rcu *nfnl_ct_hook;
 
 /**
  * nf_skb_duplicated - TEE target has sent a packet

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 5396d27ba6a715ce665970a522b01864421c0dcb..aa3f7d3228fda7f4379e8138ac89d2715e42529f 100644 (file)
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -632,14 +632,14 @@ EXPORT_SYMBOL(nf_hook_slow_list);
 /* This needs to be compiled in any case to avoid dependencies between the
  * nfnetlink_queue code and nf_conntrack.
  */
-struct nfnl_ct_hook __rcu *nfnl_ct_hook __read_mostly;
+const struct nfnl_ct_hook __rcu *nfnl_ct_hook __read_mostly;
 EXPORT_SYMBOL_GPL(nfnl_ct_hook);
 
-struct nf_ct_hook __rcu *nf_ct_hook __read_mostly;
+const struct nf_ct_hook __rcu *nf_ct_hook __read_mostly;
 EXPORT_SYMBOL_GPL(nf_ct_hook);
 
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
-struct nf_nat_hook __rcu *nf_nat_hook __read_mostly;
+const struct nf_nat_hook __rcu *nf_nat_hook __read_mostly;
 EXPORT_SYMBOL_GPL(nf_nat_hook);
 
 /* This does not belong here, but locally generated errors need it if connection
@@ -662,7 +662,7 @@ EXPORT_SYMBOL(nf_ct_attach);
 
 void nf_conntrack_destroy(struct nf_conntrack *nfct)
 {
-       struct nf_ct_hook *ct_hook;
+       const struct nf_ct_hook *ct_hook;
 
        rcu_read_lock();
        ct_hook = rcu_dereference(nf_ct_hook);
@@ -677,7 +677,7 @@ EXPORT_SYMBOL(nf_conntrack_destroy);
 bool nf_ct_get_tuple_skb(struct nf_conntrack_tuple *dst_tuple,
                         const struct sk_buff *skb)
 {
-       struct nf_ct_hook *ct_hook;
+       const struct nf_ct_hook *ct_hook;
        bool ret = false;
 
        rcu_read_lock();

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 779e41d1afdceb6122ad487c237848279e856606..2a4222eefc894d627d0d9113de15fd4afd2b12ec 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2145,9 +2145,9 @@ static int __nf_conntrack_update(struct net *net, struct sk_buff *skb,
                                 struct nf_conn *ct,
                                 enum ip_conntrack_info ctinfo)
 {
+       const struct nf_nat_hook *nat_hook;
        struct nf_conntrack_tuple_hash *h;
        struct nf_conntrack_tuple tuple;
-       struct nf_nat_hook *nat_hook;
        unsigned int status;
        int dataoff;
        u16 l3num;
@@ -2833,7 +2833,7 @@ err_cachep:
        return ret;
 }
 
-static struct nf_ct_hook nf_conntrack_hook = {
+static const struct nf_ct_hook nf_conntrack_hook = {
        .update         = nf_conntrack_update,
        .destroy        = nf_ct_destroy,
        .get_tuple_skb  = nf_conntrack_get_tuple_skb,

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index c427f7625a3b5744208bfaa7843e6b59ccbfa485..1466015bc56dc7353eaa3839e9020933188e9343 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1816,7 +1816,7 @@ ctnetlink_parse_nat_setup(struct nf_conn *ct,
                          const struct nlattr *attr)
        __must_hold(RCU)
 {
-       struct nf_nat_hook *nat_hook;
+       const struct nf_nat_hook *nat_hook;
        int err;
 
        nat_hook = rcu_dereference(nf_nat_hook);
@@ -2922,7 +2922,7 @@ static void ctnetlink_glue_seqadj(struct sk_buff *skb, struct nf_conn *ct,
        nf_ct_tcp_seqadj_set(skb, ct, ctinfo, diff);
 }
 
-static struct nfnl_ct_hook ctnetlink_glue_hook = {
+static const struct nfnl_ct_hook ctnetlink_glue_hook = {
        .build_size     = ctnetlink_glue_build_size,
        .build          = ctnetlink_glue_build,
        .parse          = ctnetlink_glue_parse,

diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 273117683922858eca82f7192f022533422de590..b776b3af78ca2fbacf5f0905f22357e2f1d3042d 100644 (file)
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -1120,7 +1120,7 @@ static struct pernet_operations nat_net_ops = {
        .size = sizeof(struct nat_net),
 };
 
-static struct nf_nat_hook nat_hook = {
+static const struct nf_nat_hook nat_hook = {
        .parse_nat_setup        = nfnetlink_parse_nat_setup,
 #ifdef CONFIG_XFRM
        .decode_session         = __nf_nat_decode_session,

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index f4468ef3d0a941f1fd8a08d955aec3e107bc7ae1..8c96e01f6a023486e5a5a2c8dbce68f1f5c8b168 100644 (file)
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -225,7 +225,7 @@ find_dequeue_entry(struct nfqnl_instance *queue, unsigned int id)
 
 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 {
-       struct nf_ct_hook *ct_hook;
+       const struct nf_ct_hook *ct_hook;
        int err;
 
        if (verdict == NF_ACCEPT ||
@@ -388,7 +388,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
        struct net_device *outdev;
        struct nf_conn *ct = NULL;
        enum ip_conntrack_info ctinfo = 0;
-       struct nfnl_ct_hook *nfnl_ct;
+       const struct nfnl_ct_hook *nfnl_ct;
        bool csum_verify;
        char *secdata = NULL;
        u32 seclen = 0;
@@ -1115,7 +1115,7 @@ static int nfqnl_recv_verdict_batch(struct sk_buff *skb,
        return 0;
 }
 
-static struct nf_conn *nfqnl_ct_parse(struct nfnl_ct_hook *nfnl_ct,
+static struct nf_conn *nfqnl_ct_parse(const struct nfnl_ct_hook *nfnl_ct,
                                      const struct nlmsghdr *nlh,
                                      const struct nlattr * const nfqa[],
                                      struct nf_queue_entry *entry,
@@ -1182,11 +1182,11 @@ static int nfqnl_recv_verdict(struct sk_buff *skb, const struct nfnl_info *info,
 {
        struct nfnl_queue_net *q = nfnl_queue_pernet(info->net);
        u_int16_t queue_num = ntohs(info->nfmsg->res_id);
+       const struct nfnl_ct_hook *nfnl_ct;
        struct nfqnl_msg_verdict_hdr *vhdr;
        enum ip_conntrack_info ctinfo;
        struct nfqnl_instance *queue;
        struct nf_queue_entry *entry;
-       struct nfnl_ct_hook *nfnl_ct;
        struct nf_conn *ct = NULL;
        unsigned int verdict;
        int err;