pfsync_update_net_tdb() is only called by pfsync_input() which already
runs at IPL_SOFTNET. So trade the spl dance for an assert, ok?
Index: net/if_pfsync.c
===================================================================
RCS file: /cvs/src/sys/net/if_pfsync.c,v
retrieving revision 1.239
diff -u -p -r1.239 if_pfsync.c
--- net/if_pfsync.c 19 Dec 2016 15:46:28 -0000 1.239
+++ net/if_pfsync.c 19 Jan 2017 03:52:57 -0000
@@ -1164,7 +1164,8 @@ void
pfsync_update_net_tdb(struct pfsync_tdb *pt)
{
struct tdb *tdb;
- int s;
+
+ splsoftassert(IPL_SOFTNET);
/* check for invalid values */
if (ntohl(pt->spi) <= SPI_RESERVED_MAX ||
@@ -1172,7 +1173,6 @@ pfsync_update_net_tdb(struct pfsync_tdb
pt->dst.sa.sa_family != AF_INET6))
goto bad;
- s = splsoftnet();
tdb = gettdb(ntohs(pt->rdomain), pt->spi,
(union sockaddr_union *)&pt->dst, pt->sproto);
if (tdb) {
@@ -1182,14 +1182,12 @@ pfsync_update_net_tdb(struct pfsync_tdb
/* Neither replay nor byte counter should ever decrease. */
if (pt->rpl < tdb->tdb_rpl ||
pt->cur_bytes < tdb->tdb_cur_bytes) {
- splx(s);
goto bad;
}
tdb->tdb_rpl = pt->rpl;
tdb->tdb_cur_bytes = pt->cur_bytes;
}
- splx(s);
return;
bad:
