Update nfsrv_getsocksndseq() for changes in TCP internals since FreeBSD
6.x:

- so_pcb is now guaranteed to be non-NULL and valid if a valid socket
  reference is held.

- Need to check INP_TIMEWAIT and INP_DROPPED before assuming inp_ppcb is a
  tcpcb, as it might be a tcptw or NULL otherwise.

- tp can never be NULL by the end of the function, so only check
  TCPS_ESTABLISHED before extracting tcpcb fields.

The NFS server arguably incorporates too many assumptions about TCP
internals, but fixing that is left for nother day.

MFC after:		1 week
Reviewed and tested by:	rmacklem
Sponsored by:		Juniper Networks

Index: nfs_nfsdport.c
===================================================================
--- nfs_nfsdport.c	(revision 204797)
+++ nfs_nfsdport.c	(working copy)
@@ -2671,24 +2671,23 @@ nfsrv_getsocksndseq(struct socket *so, tcp_seq *ma
 {
 	struct inpcb *inp;
 	struct tcpcb *tp;
-	int error = EPIPE;
 
-	INP_INFO_RLOCK(&V_tcbinfo);
 	inp = sotoinpcb(so);
-	if (inp == NULL) {
-		INP_INFO_RUNLOCK(&V_tcbinfo);
-		return (error);
-	}
+	KASSERT(inp != NULL, ("nfsrv_getsocksndseq: inp == NULL"));
 	INP_RLOCK(inp);
-	INP_INFO_RUNLOCK(&V_tcbinfo);
+	if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
+		INP_RUNLOCK(inp);
+		return (EPIPE);
+	}
 	tp = intotcpcb(inp);
-	if (tp != NULL && tp->t_state == TCPS_ESTABLISHED) {
-		*maxp = tp->snd_max;
-		*unap = tp->snd_una;
-		error = 0;
+	if (tp->t_state != TCPS_ESTABLISHED) {
+		INP_RUNLOCK(inp);
+		return (EPIPE);
 	}
+	*maxp = tp->snd_max;
+	*unap = tp->snd_una;
 	INP_RUNLOCK(inp);
-	return (error);
+	return (0);
 }
 
 /*