From bb21efd54073efdf25d8c39120acaa75108f874a Mon Sep 17 00:00:00 2001
From: kettenis <kettenis@openbsd.org>
Date: Fri, 25 Nov 2022 18:03:53 +0000
Subject: [PATCH] Revert previous commit.  It was not properly tested and
 produces splassert warnings.  Rushing to pile more stuff on top of it isn't
 the answer.  This needs a rethink.

ok deraadt@
---
 sys/net/pf.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 2552da3ea84..33f030f9aa5 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1154 2022/11/25 03:45:39 dlg Exp $ */
+/*	$OpenBSD: pf.c,v 1.1155 2022/11/25 18:03:53 kettenis Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1603,6 +1603,9 @@ pf_purge(void *null)
 {
 	unsigned int interval = max(1, pf_default_rule.timeout[PFTM_INTERVAL]);
 
+	/* XXX is NET_LOCK necessary? */
+	NET_LOCK();
+
 	PF_LOCK();
 
 	pf_purge_expired_src_nodes();
@@ -1613,6 +1616,7 @@ pf_purge(void *null)
 	 * Fragments don't require PF_LOCK(), they use their own lock.
 	 */
 	pf_purge_expired_fragments();
+	NET_UNLOCK();
 
 	/* interpret the interval as idle time between runs */
 	timeout_add_sec(&pf_purge_to, interval);
@@ -1887,6 +1891,7 @@ pf_purge_expired_states(const unsigned int limit, const unsigned int collect)
 	if (SLIST_EMPTY(&gcl))
 		return (scanned);
 
+	NET_LOCK();
 	rw_enter_write(&pf_state_list.pfs_rwl);
 	PF_LOCK();
 	PF_STATE_ENTER_WRITE();
@@ -1899,6 +1904,7 @@ pf_purge_expired_states(const unsigned int limit, const unsigned int collect)
 	PF_STATE_EXIT_WRITE();
 	PF_UNLOCK();
 	rw_exit_write(&pf_state_list.pfs_rwl);
+	NET_UNLOCK();
 
 	while ((st = SLIST_FIRST(&gcl)) != NULL) {
 		SLIST_REMOVE_HEAD(&gcl, gc_list);
-- 
2.20.1