bridge_ipsec() is always called at IPL_SOFTNET, so assert that rather than calling splsoftnet() recursively.
ok?
Index: net/if_bridge.c
===================================================================
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.289
diff -u -p -r1.289 if_bridge.c
--- net/if_bridge.c 21 Nov 2016 08:27:59 -0000 1.289
+++ net/if_bridge.c 19 Dec 2016 10:49:52 -0000
@@ -1393,7 +1393,7 @@ bridge_ipsec(struct bridge_softc *sc, st
 struct tdb *tdb;
 u_int32_t spi;
 u_int16_t cpi;
- int error, off, s;
+ int error, off;
 u_int8_t proto = 0;
 struct ip *ip;
 #ifdef INET6
@@ -1478,7 +1478,7 @@ bridge_ipsec(struct bridge_softc *sc, st
 if (proto == 0)
 goto skiplookup;
- s = splsoftnet();
+ splsoftassert(IPL_SOFTNET);
 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto);
 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 &&
@@ -1494,10 +1494,8 @@ bridge_ipsec(struct bridge_softc *sc, st
 }
 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off);
- splx(s);
 return (1);
 } else {
- splx(s);
 skiplookup:
 /* XXX do an input policy lookup */
 return (0);
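Review bot: The `splsoftassert(IPL_SOFTNET)` that replaces `s = splsoftnet()` in the second hunk only checks the interrupt level and no longer raises it, so the `gettdb()` lookup and the `xf_input` call through the returned `tdb` are now protected solely by what the callers do. None of bridge_ipsec()'s callers are visible in this patch, and as far as I know the assertion is compiled in only on DIAGNOSTIC kernels, so a later caller arriving at a lower level would reach the tdb code unprotected and unreported on other builds. I would record the requirement where the next reader sees it, e.g. `/* Must be called at IPL_SOFTNET; the tdb lookup and xf_input below rely on it. */` directly above the assertion or in the function's header comment. The function body starts and ends outside all three hunks.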