2 files changed, 6 insertions, 31 deletions

diff --git a/sys/net/pf_if.c b/sys/net/pf_if.c
index 7387c12c6c1..ce7b674b058 100644
--- a/sys/net/pf_if.c
+++ b/sys/net/pf_if.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_if.c,v 1.86 2016/09/27 04:57:17 dlg Exp $ */
+/*	$OpenBSD: pf_if.c,v 1.87 2016/11/16 08:46:05 mpi Exp $ */
 
 /*
  * Copyright 2005 Henning Brauer <henning@openbsd.org>
@@ -356,7 +356,7 @@ pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
 	struct pfi_dynaddr	*dyn;
 	char			 tblname[PF_TABLE_NAME_SIZE];
 	struct pf_ruleset	*ruleset = NULL;
-	int			 s, rv = 0;
+	int			 rv = 0;
 
 	if (aw->type != PF_ADDR_DYNIFTL)
 		return (0);
@@ -364,7 +364,6 @@ pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
 	    == NULL)
 		return (1);
 
-	s = splsoftnet();
 	if (!strcmp(aw->v.ifname, "self"))
 		dyn->pfid_kif = pfi_kif_get(IFG_ALL);
 	else
@@ -407,7 +406,6 @@ pfi_dynaddr_setup(struct pf_addr_wrap *aw, sa_family_t af)
 	TAILQ_INSERT_TAIL(&dyn->pfid_kif->pfik_dynaddrs, dyn, entry);
 	aw->p.dyn = dyn;
 	pfi_kif_update(dyn->pfid_kif);
-	splx(s);
 	return (0);
 
 _bad:
@@ -418,7 +416,6 @@ _bad:
 	if (dyn->pfid_kif != NULL)
 		pfi_kif_unref(dyn->pfid_kif, PFI_KIF_REF_RULE);
 	pool_put(&pfi_addr_pl, dyn);
-	splx(s);
 	return (rv);
 }
 
@@ -589,13 +586,10 @@ pfi_address_add(struct sockaddr *sa, sa_family_t af, u_int8_t net)
 void
 pfi_dynaddr_remove(struct pf_addr_wrap *aw)
 {
-	int	s;
-
 	if (aw->type != PF_ADDR_DYNIFTL || aw->p.dyn == NULL ||
 	    aw->p.dyn->pfid_kif == NULL || aw->p.dyn->pfid_kt == NULL)
 		return;
 
-	s = splsoftnet();
 	TAILQ_REMOVE(&aw->p.dyn->pfid_kif->pfik_dynaddrs, aw->p.dyn, entry);
 	pfi_kif_unref(aw->p.dyn->pfid_kif, PFI_KIF_REF_RULE);
 	aw->p.dyn->pfid_kif = NULL;
@@ -603,7 +597,6 @@ pfi_dynaddr_remove(struct pf_addr_wrap *aw)
 	aw->p.dyn->pfid_kt = NULL;
 	pool_put(&pfi_addr_pl, aw->p.dyn);
 	aw->p.dyn = NULL;
-	splx(s);
 }
 
 void
@@ -640,23 +633,20 @@ pfi_update_status(const char *name, struct pf_status *pfs)
 	struct pfi_kif_cmp	 key;
 	struct ifg_member	 p_member, *ifgm;
 	TAILQ_HEAD(, ifg_member) ifg_members;
-	int			 i, j, k, s;
+	int			 i, j, k;
 
-	s = splsoftnet();
 	if (*name == '\0' && pfs == NULL) {
 		RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
 			bzero(p->pfik_packets, sizeof(p->pfik_packets));
 			bzero(p->pfik_bytes, sizeof(p->pfik_bytes));
 			p->pfik_tzero = time_second;
 		}
-		splx(s);
 		return;
 	}
 
 	strlcpy(key.pfik_name, name, sizeof(key.pfik_name));
 	p = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&key);
 	if (p == NULL) {
-		splx(s);
 		return;
 	}
 	if (p->pfik_group != NULL) {
@@ -694,16 +684,14 @@ pfi_update_status(const char *name, struct pf_status *pfs)
 						p->pfik_bytes[i][j][k];
 				}
 	}
-	splx(s);
 }
 
 int
 pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size)
 {
 	struct pfi_kif	*p, *nextp;
-	int		 s, n = 0;
+	int		 n = 0;
 
-	s = splsoftnet();
 	for (p = RB_MIN(pfi_ifhead, &pfi_ifs); p; p = nextp) {
 		nextp = RB_NEXT(pfi_ifhead, &pfi_ifs, p);
 		if (pfi_skip_if(name, p))
@@ -714,14 +702,12 @@ pfi_get_ifaces(const char *name, struct pfi_kif *buf, int *size)
 			pfi_kif_ref(p, PFI_KIF_REF_RULE);
 			if (copyout(p, buf++, sizeof(*buf))) {
 				pfi_kif_unref(p, PFI_KIF_REF_RULE);
-				splx(s);
 				return (EFAULT);
 			}
 			nextp = RB_NEXT(pfi_ifhead, &pfi_ifs, p);
 			pfi_kif_unref(p, PFI_KIF_REF_RULE);
 		}
 	}
-	splx(s);
 	*size = n;
 	return (0);
 }
@@ -752,15 +738,12 @@ int
 pfi_set_flags(const char *name, int flags)
 {
 	struct pfi_kif	*p;
-	int		 s;
 
-	s = splsoftnet();
 	RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
 		if (pfi_skip_if(name, p))
 			continue;
 		p->pfik_flags_new = p->pfik_flags | flags;
 	}
-	splx(s);
 	return (0);
 }
 
@@ -768,15 +751,12 @@ int
 pfi_clear_flags(const char *name, int flags)
 {
 	struct pfi_kif	*p;
-	int		 s;
 
-	s = splsoftnet();
 	RB_FOREACH(p, pfi_ifhead, &pfi_ifs) {
 		if (pfi_skip_if(name, p))
 			continue;
 		p->pfik_flags_new = p->pfik_flags & ~flags;
 	}
-	splx(s);
 	return (0);
 }
 
@@ -784,12 +764,9 @@ void
 pfi_xcommit(void)
 {
 	struct pfi_kif	*p;
-	int		 s;
 
-	s = splsoftnet();
 	RB_FOREACH(p, pfi_ifhead, &pfi_ifs)
 		p->pfik_flags = p->pfik_flags_new;
-	splx(s);
 }
 
 /* from pf_print_state.c */
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 82bc2ed1269..9a478bafe09 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.304 2016/10/28 07:54:19 sashan Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.305 2016/11/16 08:46:05 mpi Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -769,7 +769,7 @@ pf_commit_rules(u_int32_t ticket, char *anchor)
 	struct pf_ruleset	*rs;
 	struct pf_rule		*rule, **old_array;
 	struct pf_rulequeue	*old_rules;
-	int			 s, error;
+	int			 error;
 	u_int32_t		 old_rcount;
 
 	/* Make sure any expired rules get removed from active rules first. */
@@ -788,7 +788,6 @@ pf_commit_rules(u_int32_t ticket, char *anchor)
 	}
 
 	/* Swap rules, keep the old. */
-	s = splsoftnet();
 	old_rules = rs->rules.active.ptr;
 	old_rcount = rs->rules.active.rcount;
 	old_array = rs->rules.active.ptr_array;
@@ -813,7 +812,6 @@ pf_commit_rules(u_int32_t ticket, char *anchor)
 	rs->rules.inactive.rcount = 0;
 	rs->rules.inactive.open = 0;
 	pf_remove_if_empty_ruleset(rs);
-	splx(s);
 
 	/* queue defs only in the main ruleset */
 	if (anchor[0])