Re: bridge(4), IPSEC and splsoftnet()

2016-12-19 Thread Alexander Bluhm
On Mon, Dec 19, 2016 at 11:50:16AM +0100, Martin Pieuchot wrote:
> bridge_ipsec() is always called at IPL_SOFTNET, so assert that rather
> than calling splsoftnet() recursively.
> 
> ok?

OK bluhm@

> 
> Index: net/if_bridge.c
> ===
> RCS file: /cvs/src/sys/net/if_bridge.c,v
> retrieving revision 1.289
> diff -u -p -r1.289 if_bridge.c
> --- net/if_bridge.c   21 Nov 2016 08:27:59 -  1.289
> +++ net/if_bridge.c   19 Dec 2016 10:49:52 -
> @@ -1393,7 +1393,7 @@ bridge_ipsec(struct bridge_softc *sc, st
>   struct tdb *tdb;
>   u_int32_t spi;
>   u_int16_t cpi;
> - int error, off, s;
> + int error, off;
>   u_int8_t proto = 0;
>   struct ip *ip;
>  #ifdef INET6
> @@ -1478,7 +1478,7 @@ bridge_ipsec(struct bridge_softc *sc, st
>   if (proto == 0)
>   goto skiplookup;
>  
> - s = splsoftnet();
> + splsoftassert(IPL_SOFTNET);
>  
>   tdb = gettdb(ifp->if_rdomain, spi, , proto);
>   if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 &&
> @@ -1494,10 +1494,8 @@ bridge_ipsec(struct bridge_softc *sc, st
>   }
>  
>   (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off);
> - splx(s);
>   return (1);
>   } else {
> - splx(s);
>   skiplookup:
>   /* XXX do an input policy lookup */
>   return (0);



bridge(4), IPSEC and splsoftnet()

2016-12-19 Thread Martin Pieuchot
bridge_ipsec() is always called at IPL_SOFTNET, so assert that rather
than calling splsoftnet() recursively.

ok?

Index: net/if_bridge.c
===
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.289
diff -u -p -r1.289 if_bridge.c
--- net/if_bridge.c 21 Nov 2016 08:27:59 -  1.289
+++ net/if_bridge.c 19 Dec 2016 10:49:52 -
@@ -1393,7 +1393,7 @@ bridge_ipsec(struct bridge_softc *sc, st
struct tdb *tdb;
u_int32_t spi;
u_int16_t cpi;
-   int error, off, s;
+   int error, off;
u_int8_t proto = 0;
struct ip *ip;
 #ifdef INET6
@@ -1478,7 +1478,7 @@ bridge_ipsec(struct bridge_softc *sc, st
if (proto == 0)
goto skiplookup;
 
-   s = splsoftnet();
+   splsoftassert(IPL_SOFTNET);
 
tdb = gettdb(ifp->if_rdomain, spi, , proto);
if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 &&
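Review bot: `splsoftassert(IPL_SOFTNET)` only checks the interrupt level and no longer raises it, so the `gettdb()` lookup here and the `xf_input` call in the next hunk stay protected only while every caller of bridge_ipsec() really arrives at IPL_SOFTNET. As far as I know the check is compiled in only on DIAGNOSTIC kernels and by default just logs a message, so a later caller at a lower level would run the TDB lookup and IPsec input processing unprotected instead of failing hard. I would record the invariant next to the assertion, for example `/* Caller must be at IPL_SOFTNET; the TDB lookup and xf_input below rely on it. */`, and confirm each call path before committing. The body of bridge_ipsec() starts and ends outside this hunk, so the callers cannot be checked from here.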
@@ -1494,10 +1494,8 @@ bridge_ipsec(struct bridge_softc *sc, st
}
 
(*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off);
-   splx(s);
return (1);
} else {
-   splx(s);
  skiplookup:
/* XXX do an input policy lookup */
return (0);