From 4af309c81007b60b4394f2aa7d12de9b67682e90 Mon Sep 17 00:00:00 2001
From: Attilio Rao <attilio@FreeBSD.org>
Date: Thu, 6 Oct 2011 14:29:38 +0000
Subject: [PATCH] For the INP_TIMEWAIT case, there is no valid tcpcb object
 tied to the inpcb object. Skip the TCP_SIGNATURE check in that case as it is
 consistent with the output path (no TCP_SIGNATURE for outcoming packets in
 TIMEWAIT state) and also because for TIMEWAIT state the verify may be less
 effective.

Sponsored by:		Sandvine Incorporated
Reported by:		rwatson
No objections by:	rwatson
MFC after:		3 days
---
 sys/netinet/tcp_input.c | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index b1a8b335cabb..91517b373409 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -948,24 +948,8 @@ tcp_input(struct mbuf *m, int off0)
 		}
 		INP_INFO_WLOCK_ASSERT(&V_tcbinfo);
 
-#ifdef TCP_SIGNATURE
-		tcp_dooptions(&to, optp, optlen,
-		    (thflags & TH_SYN) ? TO_SYN : 0);
-		if (sig_checked == 0) {
-			tp = intotcpcb(inp);
-			if (tp == NULL || tp->t_state == TCPS_CLOSED) {
-				rstreason = BANDLIM_RST_CLOSEDPORT;
-				goto dropwithreset;
-			}
-			if (!tcp_signature_verify_input(m, off0, tlen, optlen,
-			    &to, th, tp->t_flags))
-				goto dropunlock;
-			sig_checked = 1;
-		}
-#else
 		if (thflags & TH_SYN)
 			tcp_dooptions(&to, optp, optlen, TO_SYN);
-#endif
 		/*
 		 * NB: tcp_twcheck unlocks the INP and frees the mbuf.
 		 */