Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v
retrieving revision 1.272
retrieving revision 1.272.2.1
diff -u -p -r1.272 -r1.272.2.1
--- src/sys/netinet/ip_input.c	2008/05/05 17:11:17	1.272
+++ src/sys/netinet/ip_input.c	2008/09/18 04:37:01	1.272.2.1
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.272 2008/05/05 17:11:17 ad Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.272.2.1 2008/09/18 04:37:01 wrstuden Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.272 2008/05/05 17:11:17 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.272.2.1 2008/09/18 04:37:01 wrstuden Exp $");
 
 #include "opt_inet.h"
 #include "opt_gateway.h"
@@ -1967,9 +1967,11 @@ ip_forward(struct mbuf *m, int srcrt)
 		type = ICMP_UNREACH;
 		code = ICMP_UNREACH_NEEDFRAG;
 
-		if ((rt = rtcache_validate(&ipforward_rt)) != NULL) {
+		if ((rt = rtcache_validate(&ipforward_rt)) != NULL)
+			destmtu = rt->rt_ifp->if_mtu;
 
 #if defined(IPSEC) || defined(FAST_IPSEC)
+		{
 			/*
 			 * If the packet is routed over IPsec tunnel, tell the
 			 * originator the tunnel MTU.
@@ -1985,10 +1987,7 @@ ip_forward(struct mbuf *m, int srcrt)
 			sp = ipsec4_getpolicybyaddr(mcopy,
 			    IPSEC_DIR_OUTBOUND, IP_FORWARDING,
 			    &ipsecerror);
-#endif
 
-			destmtu = rt->rt_ifp->if_mtu;
-#if defined(IPSEC) || defined(FAST_IPSEC)
 			if (sp != NULL) {
 				/* count IPsec header size */
 				ipsechdr = ipsec4_hdrsiz(mcopy,
@@ -2003,6 +2002,7 @@ ip_forward(struct mbuf *m, int srcrt)
 				 && sp->req->sav != NULL
 				 && sp->req->sav->sah != NULL) {
 					ro = &sp->req->sav->sah->sa_route;
+					rt = rtcache_validate(ro);
 					if (rt && rt->rt_ifp) {
 						destmtu =
 						    rt->rt_rmx.rmx_mtu ?
@@ -2018,8 +2018,8 @@ ip_forward(struct mbuf *m, int srcrt)
 				KEY_FREESP(&sp);
 #endif
 			}
-#endif /*defined(IPSEC) || defined(FAST_IPSEC)*/
 		}
+#endif /*defined(IPSEC) || defined(FAST_IPSEC)*/
 		IP_STATINC(IP_STAT_CANTFRAG);
 		break;
 
@@ -2143,9 +2143,13 @@ sysctl_net_inet_ip_pmtudto(SYSCTLFN_ARGS
 	if (tmp < 0)
 		return (EINVAL);
 
+	mutex_enter(softnet_lock);
+
 	ip_mtudisc_timeout = tmp;
 	rt_timer_queue_change(ip_mtudisc_timeout_q, ip_mtudisc_timeout);
 
+	mutex_exit(softnet_lock);
+
 	return (0);
 }
 
@@ -2156,15 +2160,19 @@ sysctl_net_inet_ip_pmtudto(SYSCTLFN_ARGS
 static int
 sysctl_net_inet_ip_maxflows(SYSCTLFN_ARGS)
 {
-	int s;
+	int error;
 
-	s = sysctl_lookup(SYSCTLFN_CALL(rnode));
-	if (s || newp == NULL)
-		return (s);
+	error = sysctl_lookup(SYSCTLFN_CALL(rnode));
+	if (error || newp == NULL)
+		return (error);
+
+	mutex_enter(softnet_lock);
+	KERNEL_LOCK(1, NULL);
 
-	s = splsoftnet();
 	ipflow_prune();
-	splx(s);
+
+	KERNEL_UNLOCK_ONE(NULL);
+	mutex_exit(softnet_lock);
 
 	return (0);
 }
@@ -2186,16 +2194,22 @@ sysctl_net_inet_ip_hashsize(SYSCTLFN_ARG
 		/*
 		 * Can only fail due to malloc()
 		 */
-		if (ipflow_invalidate_all(tmp))
-			return ENOMEM;
+		mutex_enter(softnet_lock);
+		KERNEL_LOCK(1, NULL);
+
+		error = ipflow_invalidate_all(tmp);
+
+		KERNEL_UNLOCK_ONE(NULL);
+		mutex_exit(softnet_lock);
+
 	} else {
 		/*
 		 * EINVAL if not a power of 2
 	         */
-		return EINVAL;
+		error = EINVAL;
 	}	
 
-	return (0);
+	return error;
 }
 #endif /* GATEWAY */