netfilter: nat: move nf_xfrm_me_harder to where it is used

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

remove the export and make it static.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 5 years ago 885e8c68 b2f0ca00

+38 -39

3 changed files

expand all

include

net

netfilter

nf_nat.h

net

netfilter

nf_nat_core.c

nf_nat_proto.c

-2

include/net/netfilter/nf_nat.h

··· 104 104 nf_nat_inet_fn(void *priv, struct sk_buff *skb, 105 105 const struct nf_hook_state *state); 106 106 107 - int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family); 108 - 109 107 static inline int nf_nat_initialized(struct nf_conn *ct, 110 108 enum nf_nat_manip_type manip) 111 109 {

-37

net/netfilter/nf_nat_core.c

··· 146 146 return; 147 147 } 148 148 } 149 - 150 - int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family) 151 - { 152 - struct flowi fl; 153 - unsigned int hh_len; 154 - struct dst_entry *dst; 155 - struct sock *sk = skb->sk; 156 - int err; 157 - 158 - err = xfrm_decode_session(skb, &fl, family); 159 - if (err < 0) 160 - return err; 161 - 162 - dst = skb_dst(skb); 163 - if (dst->xfrm) 164 - dst = ((struct xfrm_dst *)dst)->route; 165 - if (!dst_hold_safe(dst)) 166 - return -EHOSTUNREACH; 167 - 168 - if (sk && !net_eq(net, sock_net(sk))) 169 - sk = NULL; 170 - 171 - dst = xfrm_lookup(net, dst, &fl, sk, 0); 172 - if (IS_ERR(dst)) 173 - return PTR_ERR(dst); 174 - 175 - skb_dst_drop(skb); 176 - skb_dst_set(skb, dst); 177 - 178 - /* Change in oif may mean change in hh_len. */ 179 - hh_len = skb_dst(skb)->dev->hard_header_len; 180 - if (skb_headroom(skb) < hh_len && 181 - pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) 182 - return -ENOMEM; 183 - return 0; 184 - } 185 - EXPORT_SYMBOL(nf_xfrm_me_harder); 186 149 #endif /* CONFIG_XFRM */ 187 150 188 151 /* We keep an extra hash for each conntrack, for fast searching. */

+38

net/netfilter/nf_nat_proto.c

··· 659 659 return ret; 660 660 } 661 661 662 + #ifdef CONFIG_XFRM 663 + static int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family) 664 + { 665 + struct sock *sk = skb->sk; 666 + struct dst_entry *dst; 667 + unsigned int hh_len; 668 + struct flowi fl; 669 + int err; 670 + 671 + err = xfrm_decode_session(skb, &fl, family); 672 + if (err < 0) 673 + return err; 674 + 675 + dst = skb_dst(skb); 676 + if (dst->xfrm) 677 + dst = ((struct xfrm_dst *)dst)->route; 678 + if (!dst_hold_safe(dst)) 679 + return -EHOSTUNREACH; 680 + 681 + if (sk && !net_eq(net, sock_net(sk))) 682 + sk = NULL; 683 + 684 + dst = xfrm_lookup(net, dst, &fl, sk, 0); 685 + if (IS_ERR(dst)) 686 + return PTR_ERR(dst); 687 + 688 + skb_dst_drop(skb); 689 + skb_dst_set(skb, dst); 690 + 691 + /* Change in oif may mean change in hh_len. */ 692 + hh_len = skb_dst(skb)->dev->hard_header_len; 693 + if (skb_headroom(skb) < hh_len && 694 + pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) 695 + return -ENOMEM; 696 + return 0; 697 + } 698 + #endif 699 + 662 700 static unsigned int 663 701 nf_nat_ipv4_local_in(void *priv, struct sk_buff *skb, 664 702 const struct nf_hook_state *state)