diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 7eb0320df2a..28b82f37f4a 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -490,8 +490,7 @@ static struct dyn_ipv6_state *dyn_lookup_ipv6_state( const struct ipfw_flow_id *, uint32_t, const void *, struct ipfw_dyn_info *, int); static int dyn_lookup_ipv6_state_locked(const struct ipfw_flow_id *, - uint32_t, const void *, int, const void *, uint32_t, uint16_t, uint32_t, - uint16_t); + uint32_t, const void *, int, uint32_t, uint16_t); static struct dyn_ipv6_state *dyn_alloc_ipv6_state( const struct ipfw_flow_id *, uint32_t, uint16_t, uint8_t); static int dyn_add_ipv6_state(void *, uint32_t, uint16_t, uint8_t, @@ -547,7 +546,7 @@ static void dyn_update_proto_state(struct dyn_data *, struct dyn_ipv4_state *dyn_lookup_ipv4_state(const struct ipfw_flow_id *, const void *, struct ipfw_dyn_info *, int); static int dyn_lookup_ipv4_state_locked(const struct ipfw_flow_id *, - const void *, int, const void *, uint32_t, uint16_t, uint32_t, uint16_t); + const void *, int, uint32_t, uint16_t); static struct dyn_ipv4_state *dyn_alloc_ipv4_state( const struct ipfw_flow_id *, uint16_t, uint8_t); static int dyn_add_ipv4_state(void *, uint32_t, uint16_t, uint8_t, @@ -1066,8 +1065,7 @@ restart: */ static int dyn_lookup_ipv4_state_locked(const struct ipfw_flow_id *pkt, - const void *ulp, int pktlen, const void *parent, uint32_t ruleid, - uint16_t rulenum, uint32_t bucket, uint16_t kidx) + const void *ulp, int pktlen, uint32_t bucket, uint16_t kidx) { struct dyn_ipv4_state *s; int dir; @@ -1078,15 +1076,6 @@ dyn_lookup_ipv4_state_locked(const struct ipfw_flow_id *pkt, if (s->proto != pkt->proto || s->kidx != kidx) continue; - /* - * XXXAE: Install synchronized state only when there are - * no matching states. - */ - if (pktlen != 0 && ( - s->data->parent != parent || - s->data->ruleid != ruleid || - s->data->rulenum != rulenum)) - continue; if (s->sport == pkt->src_port && s->dport == pkt->dst_port && s->src == pkt->src_ip && s->dst == pkt->dst_ip) { @@ -1228,8 +1217,7 @@ restart: */ static int dyn_lookup_ipv6_state_locked(const struct ipfw_flow_id *pkt, uint32_t zoneid, - const void *ulp, int pktlen, const void *parent, uint32_t ruleid, - uint16_t rulenum, uint32_t bucket, uint16_t kidx) + const void *ulp, int pktlen, uint32_t bucket, uint16_t kidx) { struct dyn_ipv6_state *s; int dir; @@ -1240,15 +1228,6 @@ dyn_lookup_ipv6_state_locked(const struct ipfw_flow_id *pkt, uint32_t zoneid, if (s->proto != pkt->proto || s->kidx != kidx || s->zoneid != zoneid) continue; - /* - * XXXAE: Install synchronized state only when there are - * no matching states. - */ - if (pktlen != 0 && ( - s->data->parent != parent || - s->data->ruleid != ruleid || - s->data->rulenum != rulenum)) - continue; if (s->sport == pkt->src_port && s->dport == pkt->dst_port && IN6_ARE_ADDR_EQUAL(&s->src, &pkt->src_ip6) && IN6_ARE_ADDR_EQUAL(&s->dst, &pkt->dst_ip6)) { @@ -1595,8 +1574,8 @@ dyn_add_ipv4_state(void *parent, uint32_t ruleid, uint16_t rulenum, * Bucket version has been changed since last lookup, * do lookup again to be sure that state does not exist. */ - if (dyn_lookup_ipv4_state_locked(pkt, ulp, pktlen, parent, - ruleid, rulenum, bucket, kidx) != 0) { + if (dyn_lookup_ipv4_state_locked(pkt, ulp, pktlen, + bucket, kidx) != 0) { DYN_BUCKET_UNLOCK(bucket); return (EEXIST); } @@ -1727,7 +1706,7 @@ dyn_add_ipv6_state(void *parent, uint32_t ruleid, uint16_t rulenum, * do lookup again to be sure that state does not exist. */ if (dyn_lookup_ipv6_state_locked(pkt, zoneid, ulp, pktlen, - parent, ruleid, rulenum, bucket, kidx) != 0) { + bucket, kidx) != 0) { DYN_BUCKET_UNLOCK(bucket); return (EEXIST); }