Hi, The easiest way to make divert_packet() MP safe for now, is to protect sbappendaddr() with kernel lock.
ok? bluhm Index: netinet/ip_divert.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_divert.c,v retrieving revision 1.67 diff -u -p -r1.67 ip_divert.c --- netinet/ip_divert.c 5 May 2022 16:44:22 -0000 1.67 +++ netinet/ip_divert.c 5 May 2022 20:36:23 -0000 @@ -222,11 +222,18 @@ divert_packet(struct mbuf *m, int dir, u } so = inp->inp_socket; + /* + * XXXSMP sbappendaddr() is not MP safe and this function is called + * from pf with shared netlock. To run only one sbappendaddr() + * protect it with kernel lock. Socket buffer access from system + * call is protected with exclusive net lock. + */ + KERNEL_LOCK(); if (sbappendaddr(so, &so->so_rcv, sintosa(&sin), m, NULL) == 0) { + KERNEL_UNLOCK(); divstat_inc(divs_fullsock); goto bad; } - KERNEL_LOCK(); sorwakeup(inp->inp_socket); KERNEL_UNLOCK(); Index: netinet6/ip6_divert.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_divert.c,v retrieving revision 1.66 diff -u -p -r1.66 ip6_divert.c --- netinet6/ip6_divert.c 5 May 2022 16:44:22 -0000 1.66 +++ netinet6/ip6_divert.c 5 May 2022 20:36:23 -0000 @@ -228,11 +228,18 @@ divert6_packet(struct mbuf *m, int dir, } so = inp->inp_socket; + /* + * XXXSMP sbappendaddr() is not MP safe and this function is called + * from pf with shared netlock. To run only one sbappendaddr() + * protect it with kernel lock. Socket buffer access from system + * call is protected with exclusive net lock. + */ + KERNEL_LOCK(); if (sbappendaddr(so, &so->so_rcv, sin6tosa(&sin6), m, NULL) == 0) { + KERNEL_UNLOCK(); div6stat_inc(div6s_fullsock); goto bad; } - KERNEL_LOCK(); sorwakeup(inp->inp_socket); KERNEL_UNLOCK();