Kill the divert-packet socket option IP_DIVERTFL to filter packets.

It used a loop over the global list divbtable that would be hard
to make MP safe.  The port net/dnsfilter does not work without this,
it should be converted to divert-to.  Neither other ports nor base
use this filter feature.
ports checked by sthen@; OK mpi@ benno@

1 files changed, 1 insertions, 13 deletions

diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index a6b57213d81..42c355d123b 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ip_divert.c,v 1.52 2017/09/06 11:43:04 bluhm Exp $ */
+/*      $OpenBSD: ip_divert.c,v 1.53 2017/10/06 21:14:55 bluhm Exp $ */
 
 /*
  * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -186,18 +186,6 @@ divert_packet(struct mbuf *m, int dir, u_int16_t divert_port)
 		return (0);
 	}
 
-	TAILQ_FOREACH(inp, &divbtable.inpt_queue, inp_queue) {
-		if (inp->inp_lport != divert_port)
-			continue;
-		if (inp->inp_divertfl == 0)
-			break;
-		if (dir == PF_IN && !(inp->inp_divertfl & IPPROTO_DIVERT_RESP))
-			return (-1);
-		if (dir == PF_OUT && !(inp->inp_divertfl & IPPROTO_DIVERT_INIT))
-			return (-1);
-		break;
-	}
-
 	memset(&addr, 0, sizeof(addr));
 	addr.sin_family = AF_INET;
 	addr.sin_len = sizeof(addr);