try to avoid a deadlock between sec_down and sec_send.
sec_send runs in the systq (because it calls ipsec stuff which uses
crypto, which is not mpsafe) and takes the net lock (because ipsec
output calls ip_output and other stuff). sec_down is called with
NET_LOCK held and tries to run a barrier for send task. if the send
task is running but is waiting for the net lock while sec_down is
holding the net lock while waiting for the task to finish, we're
deadlocked.
this copies the sc_up thing from pfsync, which hopefuly avoids this.
pointed out by mvs@
projects / openbsd / commit