The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=e4e30d5a81367b96dc8255252b527d6a65bb43b3
commit e4e30d5a81367b96dc8255252b527d6a65bb43b3 Author: Gleb Smirnoff <[email protected]> AuthorDate: 2026-01-05 18:03:10 +0000 Commit: Gleb Smirnoff <[email protected]> CommitDate: 2026-01-05 18:03:10 +0000 ipfw: remove extraneous argument from ipfw_add_protected_rule() This function is always called with unlocked IPFW_UH_LOCK. --- sys/netpfil/ipfw/ip_fw2.c | 2 +- sys/netpfil/ipfw/ip_fw_dynamic.c | 2 +- sys/netpfil/ipfw/ip_fw_private.h | 3 +-- sys/netpfil/ipfw/ip_fw_sockopt.c | 5 ++--- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index c27b6bc274fb..4e13e6e55f1d 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -3692,7 +3692,7 @@ vnet_ipfw_init(const void *unused) rule->cmd[0].len = 1; rule->cmd[0].opcode = default_to_accept ? O_ACCEPT : O_DENY; chain->default_rule = rule; - ipfw_add_protected_rule(chain, rule, 0); + ipfw_add_protected_rule(chain, rule); ipfw_eaction_init(chain, first); ipfw_init_skipto_cache(chain); diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index cfb686594c7c..34e4e638e65a 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -3175,7 +3175,7 @@ dyn_add_protected_rule(struct ip_fw_chain *chain) cmd->opcode = O_COUNT; rule->act_ofs = cmd - rule->cmd; rule->cmd_len = rule->act_ofs + 1; - ipfw_add_protected_rule(chain, rule, 0); + ipfw_add_protected_rule(chain, rule); } void diff --git a/sys/netpfil/ipfw/ip_fw_private.h b/sys/netpfil/ipfw/ip_fw_private.h index c60b7aa47e94..32ae54581833 100644 --- a/sys/netpfil/ipfw/ip_fw_private.h +++ b/sys/netpfil/ipfw/ip_fw_private.h @@ -646,8 +646,7 @@ void ipfw_destroy_skipto_cache(struct ip_fw_chain *chain); void ipfw_enable_skipto_cache(struct ip_fw_chain *chain); int ipfw_find_rule(struct ip_fw_chain *chain, uint32_t key, uint32_t id); int ipfw_ctl3(struct sockopt *sopt); -int ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, - int locked); +int ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule); void ipfw_reap_add(struct ip_fw_chain *chain, struct ip_fw **head, struct ip_fw *rule); void ipfw_reap_rules(struct ip_fw *head); diff --git a/sys/netpfil/ipfw/ip_fw_sockopt.c b/sys/netpfil/ipfw/ip_fw_sockopt.c index a91fb2e84da9..2126c3e1c8a6 100644 --- a/sys/netpfil/ipfw/ip_fw_sockopt.c +++ b/sys/netpfil/ipfw/ip_fw_sockopt.c @@ -568,12 +568,11 @@ ipfw_commit_rules(struct ip_fw_chain *chain, struct rule_check_info *rci, } int -ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule, - int locked) +ipfw_add_protected_rule(struct ip_fw_chain *chain, struct ip_fw *rule) { struct ip_fw **map; - map = get_map(chain, 1, locked); + map = get_map(chain, 1, 0); if (map == NULL) return (ENOMEM); if (chain->n_rules > 0)
