tcp: cleanup tcp_v[46]_inbound_md5_hash()

We'll soon have to call tcp_v[46]_inbound_md5_hash() twice.
Also add const attribute to the socket, as it might be the
unlocked listener for SYN packets.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 6 insertions, 10 deletions

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 2fb0945b9d83..56f8c6395966 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1112,10 +1112,13 @@ clear_hash_noput:
 }
 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
 
+#endif
+
 /* Called with rcu_read_lock() */
-static bool tcp_v4_inbound_md5_hash(struct sock *sk,
+static bool tcp_v4_inbound_md5_hash(const struct sock *sk,
                                     const struct sk_buff *skb)
 {
+#ifdef CONFIG_TCP_MD5SIG
         /*
          * This gets called for each TCP segment that arrives
          * so we want to be efficient.
@@ -1165,8 +1168,9 @@ static bool tcp_v4_inbound_md5_hash(struct sock *sk,
                 return true;
         }
         return false;
-}
 #endif
+        return false;
+}
 
 static void tcp_v4_init_req(struct request_sock *req,
                             const struct sock *sk_listener,
@@ -1607,16 +1611,8 @@ process:
         if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
                 goto discard_and_relse;
 
-#ifdef CONFIG_TCP_MD5SIG
-        /*
-         * We really want to reject the packet as early as possible
-         * if:
-         *  o We're expecting an MD5'd packet and this is no MD5 tcp option
-         *  o There is an MD5 option and we're not expecting one
-         */
         if (tcp_v4_inbound_md5_hash(sk, skb))
                 goto discard_and_relse;
-#endif
 
         nf_reset(skb);