author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-07-31 15:41:53 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-07-31 15:41:53 +0000 |
commit | 724996ee0143c6a67691eb78c4e0a56971e01b50 (patch) | |
tree | 194d76edb311cc1640cb4b56c59942e7c6f4da24 /sys/netinet/ip_input.c | |
parent | c0a8ad9b4d0dc619b0a1fa0b99ccb2bee7be70fe (diff) |
Move bridge_broadcast and subsequently all IPsec SPD lookup code out
of the IPL_NET. pf_test should no longer be called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r-- | sys/netinet/ip_input.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 664afbfce34..da49a5ba33e 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.214 2013/07/04 08:22:19 mpi Exp $ */ +/* $OpenBSD: ip_input.c,v 1.215 2013/07/31 15:41:51 mikeb Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -245,7 +245,7 @@ ipv4_input(struct mbuf *m) int hlen, len; in_addr_t pfrdr = 0; #ifdef IPSEC - int error, s; + int error; struct tdb *tdb; struct tdb_ident *tdbi; struct m_tag *mtag; @@ -454,7 +454,6 @@ ipv4_input(struct mbuf *m) * inner-most IPsec SA used. */ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); - s = splnet(); if (mtag != NULL) { tdbi = (struct tdb_ident *)(mtag + 1); tdb = gettdb(tdbi->rdomain, tdbi->spi, @@ -463,7 +462,6 @@ ipv4_input(struct mbuf *m) tdb = NULL; ipsp_spd_lookup(m, AF_INET, hlen, &error, IPSP_DIRECTION_IN, tdb, NULL, 0); - splx(s); /* Error or otherwise drop-packet indication */ if (error) { @@ -497,7 +495,7 @@ ip_ours(struct mbuf *m) struct ipqent *ipqe; int mff, hlen; #ifdef IPSEC - int error, s; + int error; struct tdb *tdb; struct tdb_ident *tdbi; struct m_tag *mtag; @@ -639,7 +637,6 @@ found: * that's needed in the real world (who uses bundles anyway ?). */ mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); - s = splnet(); if (mtag) { tdbi = (struct tdb_ident *)(mtag + 1); tdb = gettdb(tdbi->rdomain, tdbi->spi, &tdbi->dst, @@ -648,7 +645,6 @@ found: tdb = NULL; ipsp_spd_lookup(m, AF_INET, hlen, &error, IPSP_DIRECTION_IN, tdb, NULL, 0); - splx(s); /* Error or otherwise drop-packet indication. */ if (error) { |
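Review bot: With the `splnet()`/`splx(s)` bracket gone, the `gettdb()` and `ipsp_spd_lookup()` calls in `ipv4_input()` (hunks at -454 and -463) and in `ip_ours()` (hunks at -639 and -648) no longer state which interrupt level protects the TDB and SPD data they read. The hunks do not show what level the callers run at, so presumably both paths are only entered at softnet level. If that is the invariant, a comment above each `m_tag_find()` call such as `/* TDB/SPD lookups below rely on the caller running at IPL_SOFTNET */` would record it, and `splsoftassert(IPL_SOFTNET);` at the same spot would make it checked. The `tdb` pointer returned by `gettdb()` is passed straight to `ipsp_spd_lookup()` with nothing in these lines pinning it, so it is worth confirming that no code running above that level can remove a TDB or change the policy table. Both function bodies start and end outside the hunks.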