netfilter: conntrack: timeouts can be const

Nowadays this is just the default template that is used when setting up
the net namespace, so nothing writes to these locations.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2017-11-12 20:42:01 +01:00 committed by Pablo Neira Ayuso
parent e8542dcec0
commit 2c9e8637ea
7 changed files with 7 additions and 7 deletions

View File

@ -22,7 +22,7 @@
#include <net/netfilter/nf_conntrack_zones.h> #include <net/netfilter/nf_conntrack_zones.h>
#include <net/netfilter/nf_log.h> #include <net/netfilter/nf_log.h>
static unsigned int nf_ct_icmp_timeout __read_mostly = 30*HZ; static const unsigned int nf_ct_icmp_timeout = 30*HZ;
static inline struct nf_icmp_net *icmp_pernet(struct net *net) static inline struct nf_icmp_net *icmp_pernet(struct net *net)
{ {

View File

@ -27,7 +27,7 @@
#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h> #include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
#include <net/netfilter/nf_log.h> #include <net/netfilter/nf_log.h>
static unsigned int nf_ct_icmpv6_timeout __read_mostly = 30*HZ; static const unsigned int nf_ct_icmpv6_timeout = 30*HZ;
static inline struct nf_icmp_net *icmpv6_pernet(struct net *net) static inline struct nf_icmp_net *icmpv6_pernet(struct net *net)
{ {

View File

@ -12,7 +12,7 @@
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <net/netfilter/nf_conntrack_l4proto.h> #include <net/netfilter/nf_conntrack_l4proto.h>
static unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ; static const unsigned int nf_ct_generic_timeout = 600*HZ;
static bool nf_generic_should_process(u8 proto) static bool nf_generic_should_process(u8 proto)
{ {

View File

@ -48,7 +48,7 @@ enum grep_conntrack {
GRE_CT_MAX GRE_CT_MAX
}; };
static unsigned int gre_timeouts[GRE_CT_MAX] = { static const unsigned int gre_timeouts[GRE_CT_MAX] = {
[GRE_CT_UNREPLIED] = 30*HZ, [GRE_CT_UNREPLIED] = 30*HZ,
[GRE_CT_REPLIED] = 180*HZ, [GRE_CT_REPLIED] = 180*HZ,
}; };

View File

@ -52,7 +52,7 @@ static const char *const sctp_conntrack_names[] = {
#define HOURS * 60 MINS #define HOURS * 60 MINS
#define DAYS * 24 HOURS #define DAYS * 24 HOURS
static unsigned int sctp_timeouts[SCTP_CONNTRACK_MAX] __read_mostly = { static const unsigned int sctp_timeouts[SCTP_CONNTRACK_MAX] = {
[SCTP_CONNTRACK_CLOSED] = 10 SECS, [SCTP_CONNTRACK_CLOSED] = 10 SECS,
[SCTP_CONNTRACK_COOKIE_WAIT] = 3 SECS, [SCTP_CONNTRACK_COOKIE_WAIT] = 3 SECS,
[SCTP_CONNTRACK_COOKIE_ECHOED] = 3 SECS, [SCTP_CONNTRACK_COOKIE_ECHOED] = 3 SECS,

View File

@ -68,7 +68,7 @@ static const char *const tcp_conntrack_names[] = {
#define HOURS * 60 MINS #define HOURS * 60 MINS
#define DAYS * 24 HOURS #define DAYS * 24 HOURS
static unsigned int tcp_timeouts[TCP_CONNTRACK_TIMEOUT_MAX] __read_mostly = { static const unsigned int tcp_timeouts[TCP_CONNTRACK_TIMEOUT_MAX] = {
[TCP_CONNTRACK_SYN_SENT] = 2 MINS, [TCP_CONNTRACK_SYN_SENT] = 2 MINS,
[TCP_CONNTRACK_SYN_RECV] = 60 SECS, [TCP_CONNTRACK_SYN_RECV] = 60 SECS,
[TCP_CONNTRACK_ESTABLISHED] = 5 DAYS, [TCP_CONNTRACK_ESTABLISHED] = 5 DAYS,

View File

@ -26,7 +26,7 @@
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h> #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h> #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
static unsigned int udp_timeouts[UDP_CT_MAX] = { static const unsigned int udp_timeouts[UDP_CT_MAX] = {
[UDP_CT_UNREPLIED] = 30*HZ, [UDP_CT_UNREPLIED] = 30*HZ,
[UDP_CT_REPLIED] = 180*HZ, [UDP_CT_REPLIED] = 180*HZ,
}; };