ok
Martin Pieuchot([email protected]) on 2017.01.23 10:44:59 +1000:
> This function is only called by udp_input() so at IPL_SOFTNET. Assert
> that and get rid of a recursive splsoftnet()/splx() dance.
>
> ok?
>
> Index: netinet/ipsec_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ipsec_input.c,v
> retrieving revision 1.137
> diff -u -p -r1.137 ipsec_input.c
> --- netinet/ipsec_input.c 20 Jan 2017 04:22:58 -0000 1.137
> +++ netinet/ipsec_input.c 23 Jan 2017 00:43:03 -0000
> @@ -123,11 +123,13 @@ ipsec_common_input(struct mbuf *m, int s
> struct ifnet *encif;
> u_int32_t spi;
> u_int16_t cpi;
> - int s, error;
> + int error;
> #ifdef ENCDEBUG
> char buf[INET6_ADDRSTRLEN];
> #endif
>
> + splsoftassert(IPL_SOFTNET);
> +
> IPSEC_ISTAT(espstat.esps_input, ahstat.ahs_input,
> ipcompstat.ipcomps_input);
>
> @@ -227,11 +229,9 @@ ipsec_common_input(struct mbuf *m, int s
> return EPFNOSUPPORT;
> }
>
> - s = splsoftnet();
> tdbp = gettdb(rtable_l2(m->m_pkthdr.ph_rtableid),
> spi, &dst_address, sproto);
> if (tdbp == NULL) {
> - splx(s);
> DPRINTF(("ipsec_common_input(): could not find SA for "
> "packet to %s, spi %08x\n",
> ipsp_address(&dst_address, buf, sizeof(buf)), ntohl(spi)));
> @@ -242,7 +242,6 @@ ipsec_common_input(struct mbuf *m, int s
> }
>
> if (tdbp->tdb_flags & TDBF_INVALID) {
> - splx(s);
> DPRINTF(("ipsec_common_input(): attempted to use invalid "
> "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
> sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
> @@ -253,7 +252,6 @@ ipsec_common_input(struct mbuf *m, int s
> }
>
> if (udpencap && !(tdbp->tdb_flags & TDBF_UDPENCAP)) {
> - splx(s);
> DPRINTF(("ipsec_common_input(): attempted to use non-udpencap "
> "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
> sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
> @@ -263,7 +261,6 @@ ipsec_common_input(struct mbuf *m, int s
> }
>
> if (!udpencap && (tdbp->tdb_flags & TDBF_UDPENCAP)) {
> - splx(s);
> DPRINTF(("ipsec_common_input(): attempted to use udpencap "
> "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
> sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
> @@ -273,7 +270,6 @@ ipsec_common_input(struct mbuf *m, int s
> }
>
> if (tdbp->tdb_xform == NULL) {
> - splx(s);
> DPRINTF(("ipsec_common_input(): attempted to use uninitialized "
> "SA %s/%08x/%u\n", ipsp_address(&dst_address, buf,
> sizeof(buf)), ntohl(spi), tdbp->tdb_sproto));
> @@ -286,7 +282,6 @@ ipsec_common_input(struct mbuf *m, int s
> if (sproto != IPPROTO_IPCOMP) {
> if ((encif = enc_getif(tdbp->tdb_rdomain,
> tdbp->tdb_tap)) == NULL) {
> - splx(s);
> DPRINTF(("ipsec_common_input(): "
> "no enc%u interface for SA %s/%08x/%u\n",
> tdbp->tdb_tap, ipsp_address(&dst_address, buf,
> @@ -319,7 +314,6 @@ ipsec_common_input(struct mbuf *m, int s
> * everything else.
> */
> error = (*(tdbp->tdb_xform->xf_input))(m, tdbp, skip, protoff);
> - splx(s);
> return error;
> }
>
>
