As reported by Hrvoje Popovski, these two callbacks also need the
NET_LOCK():

        splassert: ip_output: want 1 have 0
        Starting stack trace...
        ip_output() at ip_output+0x7d
        pfsync_sendout() at pfsync_sendout+0x499
        pfsync_update_tdb() at pfsync_update_tdb+0x13a
        esp_input_cb() at esp_input_cb+0x234
        taskq_thread() at taskq_thread+0x6c
        end trace frame: 0x0, count: 252
        End of stack trace.

ok?

Index: netinet/ip_ah.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_ah.c,v
retrieving revision 1.124
diff -u -p -r1.124 ip_ah.c
--- netinet/ip_ah.c     24 Dec 2016 11:17:35 -0000      1.124
+++ netinet/ip_ah.c     9 Jan 2017 15:08:56 -0000
@@ -727,7 +727,7 @@ ah_input_cb(struct cryptop *crp)
                return (EINVAL);
        }
 
-       s = splsoftnet();
+       NET_LOCK(s);
 
        tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto);
        if (tdb == NULL) {
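Review bot: The new `NET_LOCK(s)` in ah_input_cb() carries no comment explaining why a crypto completion callback must take the net lock; the reason is recorded only in the commit message. The reported trace (for esp_input_cb()) shows the callback entered from taskq_thread() and reaching ip_output() through pfsync_update_tdb(), where the splassert fires. I would add above the lock something like `/* Runs from the crypto taskq; the input path can reach ip_output() via pfsync, which wants the NET_LOCK. */`, and put the same comment above the matching `NET_LOCK(s)` in esp_input_cb(). The function body starts before and continues past this hunk.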
@@ -746,7 +746,7 @@ ah_input_cb(struct cryptop *crp)
                        /* Reset the session ID */
                        if (tdb->tdb_cryptoid != 0)
                                tdb->tdb_cryptoid = crp->crp_sid;
-                       splx(s);
+                       NET_UNLOCK(s);
                        return crypto_dispatch(crp);
                }
                free(tc, M_XDATA, 0);
@@ -836,7 +836,7 @@ ah_input_cb(struct cryptop *crp)
        m1 = m_getptr(m, skip, &roff);
        if (m1 == NULL) {
                ahstat.ahs_hdrops++;
-               splx(s);
+               NET_UNLOCK(s);
                m_freem(m);
 
                DPRINTF(("ah_input(): bad mbuf chain for packet in SA "
@@ -905,11 +905,11 @@ ah_input_cb(struct cryptop *crp)
                }
 
        error = ipsec_common_input_cb(m, tdb, skip, protoff);
-       splx(s);
+       NET_UNLOCK(s);
        return (error);
 
  baddone:
-       splx(s);
+       NET_UNLOCK(s);
 
        m_freem(m);
 
Index: netinet/ip_esp.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_esp.c,v
retrieving revision 1.142
diff -u -p -r1.142 ip_esp.c
--- netinet/ip_esp.c    24 Dec 2016 11:17:35 -0000      1.142
+++ netinet/ip_esp.c    9 Jan 2017 15:08:56 -0000
@@ -556,7 +556,7 @@ esp_input_cb(struct cryptop *crp)
                return (EINVAL);
        }
 
-       s = splsoftnet();
+       NET_LOCK(s);
 
        tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto);
        if (tdb == NULL) {
@@ -575,7 +575,7 @@ esp_input_cb(struct cryptop *crp)
                        /* Reset the session ID */
                        if (tdb->tdb_cryptoid != 0)
                                tdb->tdb_cryptoid = crp->crp_sid;
-                       splx(s);
+                       NET_UNLOCK(s);
                        return crypto_dispatch(crp);
                }
                free(tc, M_XDATA, 0);
@@ -668,7 +668,7 @@ esp_input_cb(struct cryptop *crp)
        m1 = m_getptr(m, skip, &roff);
        if (m1 == NULL) {
                espstat.esps_hdrops++;
-               splx(s);
+               NET_UNLOCK(s);
                DPRINTF(("esp_input_cb(): bad mbuf chain, SA %s/%08x\n",
                    ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
                    ntohl(tdb->tdb_spi)));
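Review bot: The DPRINTF that follows `NET_UNLOCK(s)` in this error path still dereferences `tdb` (`tdb->tdb_dst`, `tdb->tdb_spi`), so the SA is read after the lock that covered the gettdb() lookup has been released. That ordering was presumably harmless with splx(), but if NET_LOCK() is what keeps the tdb from being freed or modified by another thread, it becomes a read through a possibly stale pointer whenever DPRINTF is compiled in. Issuing the message first, i.e. `DPRINTF((...));` followed by `NET_UNLOCK(s);`, keeps the access under the lock. The same order appears in the pad-length and decryption-check hunks of esp_input_cb(), and probably in the bad-mbuf hunk of ah_input_cb(), whose DPRINTF arguments fall outside the visible lines.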
@@ -725,7 +725,7 @@ esp_input_cb(struct cryptop *crp)
        /* Verify pad length */
        if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
                espstat.esps_badilen++;
-               splx(s);
+               NET_UNLOCK(s);
                DPRINTF(("esp_input_cb(): invalid padding length %d for "
                    "packet in SA %s/%08x\n", lastthree[1],
                    ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)),
@@ -737,7 +737,7 @@ esp_input_cb(struct cryptop *crp)
        /* Verify correct decryption by checking the last padding bytes */
        if ((lastthree[1] != lastthree[0]) && (lastthree[1] != 0)) {
                espstat.esps_badenc++;
-               splx(s);
+               NET_UNLOCK(s);
                DPRINTF(("esp_input(): decryption failed for packet in "
                    "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf,
                    sizeof(buf)), ntohl(tdb->tdb_spi)));
@@ -753,11 +753,11 @@ esp_input_cb(struct cryptop *crp)
 
        /* Back to generic IPsec input processing */
        error = ipsec_common_input_cb(m, tdb, skip, protoff);
-       splx(s);
+       NET_UNLOCK(s);
        return (error);
 
  baddone:
-       splx(s);
+       NET_UNLOCK(s);
 
        m_freem(m);
 
