Commit 885e8c68 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nat: move nf_xfrm_me_harder to where it is used 



remove the export and make it static.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent b2f0ca00

include/net/netfilter/nf_nat.h

+0 −2
Original line number Diff line number Diff line
@@ -104,8 +104,6 @@ unsigned int 
nf_nat_inet_fn(void *priv, struct sk_buff *skb,

	       const struct nf_hook_state *state);



int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family);



static inline int nf_nat_initialized(struct nf_conn *ct,

				     enum nf_nat_manip_type manip)

{

net/netfilter/nf_nat_core.c

+0 −37
Original line number Diff line number Diff line
@@ -146,43 +146,6 @@ static void __nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl) 
		return;

	}

}



int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family)

{

	struct flowi fl;

	unsigned int hh_len;

	struct dst_entry *dst;

	struct sock *sk = skb->sk;

	int err;



	err = xfrm_decode_session(skb, &fl, family);

	if (err < 0)

		return err;



	dst = skb_dst(skb);

	if (dst->xfrm)

		dst = ((struct xfrm_dst *)dst)->route;

	if (!dst_hold_safe(dst))

		return -EHOSTUNREACH;



	if (sk && !net_eq(net, sock_net(sk)))

		sk = NULL;



	dst = xfrm_lookup(net, dst, &fl, sk, 0);

	if (IS_ERR(dst))

		return PTR_ERR(dst);



	skb_dst_drop(skb);

	skb_dst_set(skb, dst);



	/* Change in oif may mean change in hh_len. */

	hh_len = skb_dst(skb)->dev->hard_header_len;

	if (skb_headroom(skb) < hh_len &&

	    pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))

		return -ENOMEM;

	return 0;

}

EXPORT_SYMBOL(nf_xfrm_me_harder);

#endif /* CONFIG_XFRM */



/* We keep an extra hash for each conntrack, for fast searching. */

net/netfilter/nf_nat_proto.c

+38 −0
Original line number Diff line number Diff line
@@ -659,6 +659,44 @@ nf_nat_ipv4_pre_routing(void *priv, struct sk_buff *skb, 
	return ret;

}



#ifdef CONFIG_XFRM

static int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family)

{

	struct sock *sk = skb->sk;

	struct dst_entry *dst;

	unsigned int hh_len;

	struct flowi fl;

	int err;



	err = xfrm_decode_session(skb, &fl, family);

	if (err < 0)

		return err;



	dst = skb_dst(skb);

	if (dst->xfrm)

		dst = ((struct xfrm_dst *)dst)->route;

	if (!dst_hold_safe(dst))

		return -EHOSTUNREACH;



	if (sk && !net_eq(net, sock_net(sk)))

		sk = NULL;



	dst = xfrm_lookup(net, dst, &fl, sk, 0);

	if (IS_ERR(dst))

		return PTR_ERR(dst);



	skb_dst_drop(skb);

	skb_dst_set(skb, dst);



	/* Change in oif may mean change in hh_len. */

	hh_len = skb_dst(skb)->dev->hard_header_len;

	if (skb_headroom(skb) < hh_len &&

	    pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))

		return -ENOMEM;

	return 0;

}

#endif



static unsigned int

nf_nat_ipv4_local_in(void *priv, struct sk_buff *skb,

		     const struct nf_hook_state *state)