On Mon, Dec 19, 2016 at 11:50:16AM +0100, Martin Pieuchot wrote: > bridge_ipsec() is always called at IPL_SOFTNET, so assert that rather > than calling splsoftnet() recursively. > > ok?
OK bluhm@ > > Index: net/if_bridge.c > =================================================================== > RCS file: /cvs/src/sys/net/if_bridge.c,v > retrieving revision 1.289 > diff -u -p -r1.289 if_bridge.c > --- net/if_bridge.c 21 Nov 2016 08:27:59 -0000 1.289 > +++ net/if_bridge.c 19 Dec 2016 10:49:52 -0000 > @@ -1393,7 +1393,7 @@ bridge_ipsec(struct bridge_softc *sc, st > struct tdb *tdb; > u_int32_t spi; > u_int16_t cpi; > - int error, off, s; > + int error, off; > u_int8_t proto = 0; > struct ip *ip; > #ifdef INET6 > @@ -1478,7 +1478,7 @@ bridge_ipsec(struct bridge_softc *sc, st > if (proto == 0) > goto skiplookup; > > - s = splsoftnet(); > + splsoftassert(IPL_SOFTNET); > > tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); > if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && > @@ -1494,10 +1494,8 @@ bridge_ipsec(struct bridge_softc *sc, st > } > > (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); > - splx(s); > return (1); > } else { > - splx(s); > skiplookup: > /* XXX do an input policy lookup */ > return (0);