bridge_ipsec() is always called at IPL_SOFTNET, so assert that rather
than calling splsoftnet() recursively.
ok?
Index: net/if_bridge.c
===================================================================
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.289
diff -u -p -r1.289 if_bridge.c
--- net/if_bridge.c 21 Nov 2016 08:27:59 -0000 1.289
+++ net/if_bridge.c 19 Dec 2016 10:49:52 -0000
@@ -1393,7 +1393,7 @@ bridge_ipsec(struct bridge_softc *sc, st
struct tdb *tdb;
u_int32_t spi;
u_int16_t cpi;
- int error, off, s;
+ int error, off;
u_int8_t proto = 0;
struct ip *ip;
#ifdef INET6
@@ -1478,7 +1478,7 @@ bridge_ipsec(struct bridge_softc *sc, st
if (proto == 0)
goto skiplookup;
- s = splsoftnet();
+ splsoftassert(IPL_SOFTNET);
tdb = gettdb(ifp->if_rdomain, spi, &dst, proto);
if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 &&
@@ -1494,10 +1494,8 @@ bridge_ipsec(struct bridge_softc *sc, st
}
(*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off);
- splx(s);
return (1);
} else {
- splx(s);
skiplookup:
/* XXX do an input policy lookup */
return (0);
