netns xfrm: per-netns policy counts

[deliverable/linux.git] / include / net / xfrm.h

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 1ab17565f01c714f97657e7c6e3fdea8d8f21c0e..8699620f8c2df01e0c15bb703ab760781597e518 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -559,8 +559,6 @@ struct xfrm_mgr
 extern int xfrm_register_km(struct xfrm_mgr *km);
 extern int xfrm_unregister_km(struct xfrm_mgr *km);
 
-extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
-
 /*
  * This structure is used for the duration where packets are being
  * transformed by IPsec.  As soon as the packet leaves IPsec the
@@ -999,7 +997,7 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir,
        if (sk && sk->sk_policy[XFRM_POLICY_IN])
                return __xfrm_policy_check(sk, ndir, skb, family);
 
-       return  (!xfrm_policy_count[dir] && !skb->sp) ||
+       return  (!init_net.xfrm.policy_count[dir] && !skb->sp) ||
                (skb->dst->flags & DST_NOPOLICY) ||
                __xfrm_policy_check(sk, ndir, skb, family);
 }
@@ -1051,7 +1049,7 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
 
 static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
 {
-       return  !xfrm_policy_count[XFRM_POLICY_OUT] ||
+       return  !init_net.xfrm.policy_count[XFRM_POLICY_OUT] ||
                (skb->dst->flags & DST_NOXFRM) ||
                __xfrm_route_forward(skb, family);
 }