We can remove these splsoftnet()/splx() dances because:
- pr_ctlinput* are now always called at IPL_SOFTNET
- ipsec_adjust_mtu() is only called in ip_output() so at the correct IPL.
ok?
Index: netinet/ipsec_input.c
===================================================================
RCS file: /cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.136
diff -u -p -r1.136 ipsec_input.c
--- netinet/ipsec_input.c 2 Sep 2016 09:39:32 -0000 1.136
+++ netinet/ipsec_input.c 19 Jan 2017 03:59:37 -0000
@@ -817,7 +817,6 @@ ipsec_common_ctlinput(u_int rdomain, int
void *v, int proto)
{
struct ip *ip = v;
- int s;
if (cmd == PRC_MSGSIZE && ip && ip_mtudisc && ip->ip_v == 4) {
struct tdb *tdbp;
@@ -846,21 +845,16 @@ ipsec_common_ctlinput(u_int rdomain, int
bcopy((caddr_t)ip + hlen, &spi, sizeof(u_int32_t));
- s = splsoftnet();
tdbp = gettdb(rdomain, spi, (union sockaddr_union *)&dst,
proto);
- if (tdbp == NULL || tdbp->tdb_flags & TDBF_INVALID) {
- splx(s);
+ if (tdbp == NULL || tdbp->tdb_flags & TDBF_INVALID)
return (NULL);
- }
/* Walk the chain backwards to the first tdb */
for (; tdbp; tdbp = tdbp->tdb_inext) {
if (tdbp->tdb_flags & TDBF_INVALID ||
- (adjust = ipsec_hdrsz(tdbp)) == -1) {
- splx(s);
+ (adjust = ipsec_hdrsz(tdbp)) == -1)
return (NULL);
- }
mtu -= adjust;
@@ -873,8 +867,6 @@ ipsec_common_ctlinput(u_int rdomain, int
ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
adjust));
}
- splx(s);
- return (NULL);
}
return (NULL);
}
@@ -890,7 +882,8 @@ udpencap_ctlinput(int cmd, struct sockad
ssize_t adjust;
struct sockaddr_in dst, src;
union sockaddr_union *su_dst, *su_src;
- int s;
+
+ splsoftassert(IPL_SOFTNET);
icp = (struct icmp *)((caddr_t) ip - offsetof(struct icmp, icmp_ip));
mtu = ntohs(icp->icmp_nextmtu);
@@ -913,7 +906,6 @@ udpencap_ctlinput(int cmd, struct sockad
src.sin_addr.s_addr = ip->ip_src.s_addr;
su_src = (union sockaddr_union *)&src;
- s = splsoftnet();
tdbp = gettdbbysrcdst(rdomain, 0, su_src, su_dst, IPPROTO_ESP);
for (; tdbp != NULL; tdbp = tdbp->tdb_snext) {
@@ -934,7 +926,6 @@ udpencap_ctlinput(int cmd, struct sockad
}
}
}
- splx(s);
return (NULL);
}
Index: netinet/ipsec_output.c
===================================================================
RCS file: /cvs/src/sys/netinet/ipsec_output.c,v
retrieving revision 1.64
diff -u -p -r1.64 ipsec_output.c
--- netinet/ipsec_output.c 11 Oct 2016 22:08:01 -0000 1.64
+++ netinet/ipsec_output.c 19 Jan 2017 03:57:56 -0000
@@ -567,9 +567,8 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32
struct tdb *tdbp;
struct m_tag *mtag;
ssize_t adjust;
- int s;
- s = splsoftnet();
+ splsoftassert(IPL_SOFTNET);
for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL); mtag;
mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, mtag)) {
@@ -590,6 +589,4 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32
ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
adjust, m));
}
-
- splx(s);
}
