bulk updates are sent from a timeout which walks over the state tree and

modifies the pfsync state queues, however, it didnt prevent interrupts from
whacking the same structures.

this diff makes the bulk update code take splsoftnet() to prevent the
panics ive been suffering all day when a firewall peer was booted.

ok deraadt@

1 files changed, 7 insertions, 2 deletions

diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 41cc6de8723..cafbdaa30bb 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_pfsync.c,v 1.111 2009/02/24 21:47:28 dlg Exp $	*/
+/*	$OpenBSD: if_pfsync.c,v 1.112 2009/02/26 07:29:46 dlg Exp $	*/
 
 /*
  * Copyright (c) 2002 Michael Shalayeff
@@ -2238,7 +2238,9 @@ pfsync_bulk_update(void *arg)
 	struct pfsync_softc *sc = arg;
 	struct pf_state *st = sc->sc_bulk_next;
 	int i = 0;
+	int s;
 
+	s = splsoftnet();
 	do {
 		if (st->sync_state == PFSYNC_S_NONE &&
 		    st->timeout < PFTM_MAX &&
@@ -2254,7 +2256,7 @@ pfsync_bulk_update(void *arg)
 		if (i > 0 && TAILQ_EMPTY(&sc->sc_qs[PFSYNC_S_UPD])) {
 			sc->sc_bulk_next = st;
 			timeout_add(&sc->sc_bulk_tmo, 1);
-			return;
+			goto out;
 		}
 	} while (st != sc->sc_bulk_last);
 
@@ -2262,6 +2264,9 @@ pfsync_bulk_update(void *arg)
 	sc->sc_bulk_next = NULL;
 	sc->sc_bulk_last = NULL;
 	pfsync_bulk_status(PFSYNC_BUS_END);
+
+out:
+	splx(s);
 }
 
 void