netfilter: nat: move nf_xfrm_me_harder to where it is used

remove the export and make it static.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 0d412dd..987111a 100644 (file)
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -104,8 +104,6 @@ unsigned int
 nf_nat_inet_fn(void *priv, struct sk_buff *skb,
               const struct nf_hook_state *state);
 
-int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family);
-
 static inline int nf_nat_initialized(struct nf_conn *ct,
                                     enum nf_nat_manip_type manip)
 {

diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index b7c3c90..7de595e 100644 (file)
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -146,43 +146,6 @@ static void __nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl)
                return;
        }
 }
-
-int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family)
-{
-       struct flowi fl;
-       unsigned int hh_len;
-       struct dst_entry *dst;
-       struct sock *sk = skb->sk;
-       int err;
-
-       err = xfrm_decode_session(skb, &fl, family);
-       if (err < 0)
-               return err;
-
-       dst = skb_dst(skb);
-       if (dst->xfrm)
-               dst = ((struct xfrm_dst *)dst)->route;
-       if (!dst_hold_safe(dst))
-               return -EHOSTUNREACH;
-
-       if (sk && !net_eq(net, sock_net(sk)))
-               sk = NULL;
-
-       dst = xfrm_lookup(net, dst, &fl, sk, 0);
-       if (IS_ERR(dst))
-               return PTR_ERR(dst);
-
-       skb_dst_drop(skb);
-       skb_dst_set(skb, dst);
-
-       /* Change in oif may mean change in hh_len. */
-       hh_len = skb_dst(skb)->dev->hard_header_len;
-       if (skb_headroom(skb) < hh_len &&
-           pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
-               return -ENOMEM;
-       return 0;
-}
-EXPORT_SYMBOL(nf_xfrm_me_harder);
 #endif /* CONFIG_XFRM */
 
 /* We keep an extra hash for each conntrack, for fast searching. */

diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c
index 4731d21..48cc600 100644 (file)
--- a/net/netfilter/nf_nat_proto.c
+++ b/net/netfilter/nf_nat_proto.c
@@ -659,6 +659,44 @@ nf_nat_ipv4_pre_routing(void *priv, struct sk_buff *skb,
        return ret;
 }
 
+#ifdef CONFIG_XFRM
+static int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family)
+{
+       struct sock *sk = skb->sk;
+       struct dst_entry *dst;
+       unsigned int hh_len;
+       struct flowi fl;
+       int err;
+
+       err = xfrm_decode_session(skb, &fl, family);
+       if (err < 0)
+               return err;
+
+       dst = skb_dst(skb);
+       if (dst->xfrm)
+               dst = ((struct xfrm_dst *)dst)->route;
+       if (!dst_hold_safe(dst))
+               return -EHOSTUNREACH;
+
+       if (sk && !net_eq(net, sock_net(sk)))
+               sk = NULL;
+
+       dst = xfrm_lookup(net, dst, &fl, sk, 0);
+       if (IS_ERR(dst))
+               return PTR_ERR(dst);
+
+       skb_dst_drop(skb);
+       skb_dst_set(skb, dst);
+
+       /* Change in oif may mean change in hh_len. */
+       hh_len = skb_dst(skb)->dev->hard_header_len;
+       if (skb_headroom(skb) < hh_len &&
+           pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
+               return -ENOMEM;
+       return 0;
+}
+#endif
+
 static unsigned int
 nf_nat_ipv4_local_in(void *priv, struct sk_buff *skb,
                     const struct nf_hook_state *state)