diff options
| author | Gleb Smirnoff <glebius@FreeBSD.org> | 2026-01-05 18:03:10 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2026-01-05 18:03:10 +0000 |
| commit | e4e30d5a81367b96dc8255252b527d6a65bb43b3 (patch) | |
| tree | 0b4c8d6a451be9b15d5dddd2445df478c9e3991d | |
| parent | 89c017d068704c2bc3da9cb22f43da17a9ce8c24 (diff) | |
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 2 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_dynamic.c | 2 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_private.h | 3 | ||||
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_sockopt.c | 5 |
4 files changed, 5 insertions, 7 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index c27b6bc274fb..4e13e6e55f1d 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -3692,7 +3692,7 @@ vnet_ipfw_init(const void *unused) rule->cmd[0].len = 1; rule->cmd[0].opcode = default_to_accept ? O_ACCEPT : O_DENY; chain->default_rule = rule; - ipfw_add_protected_rule(chain, rule, 0); + ipfw_add_protected_rule(chain, rule); ipfw_eaction_init(chain, first); ipfw_init_skipto_cache(chain); diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index cfb686594c7c..34e4e638e65a 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -3175,7 +3175,7 @@ dyn_add_protected_rule(struct ip_fw_chain *chain) cmd->opcode = O_COUNT; rule->act_ofs = cmd - rule->cmd; rule->cmd_len = rule->act_ofs + 1; - ipfw_add_protected_rule(chain, rule, 0); + ipfw_add_protected_rule(chain, rule); } void diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h index c60b7aa47e94..32ae54581833 100644 --- a/sys/netpfil/ipfw/ip_fw_private.h +++ b/sys/netpfil/ipfw/ip_fw_private.h @@ -646,8 +646,7 @@ void ipfw_destroy_skipto_cache(struct ip_fw_chain *chain); void ipfw_enable_skipto_cache(struct ip_fw_chain *chain); int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id); int ipfw_ctl3(struct sockopt *sopt); -int ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, - int locked); +int ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule); void ipfw_reap_add(struct ip_fw_chain *chain, struct ip_fw **head, struct ip_fw *rule); void ipfw_reap_rules(struct ip_fw *head); diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index a91fb2e84da9..2126c3e1c8a6 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -568,12 +568,11 @@ ipfw_commit_rules(struct ip_fw_chain *chain, struct rule_check_info *rci, } int -ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, - int locked) +ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule) { struct ip_fw **map; - map = get_map(chain, 1, locked); + map = get_map(chain, 1, 0); if (map == NULL) return (ENOMEM); if (chain->n_rules > 0) |