Hi,
at which spl level should ether_input() be called ?
When called from a real device driver it's at splnet, but when it is from
a pseudo-device it's not (and I got a panic because of this).
Parts of ether_input are protected with splnet(), but there is one missing:
the call to bridge_input(). In my case, a write to /dev/tap0 ended up
calling ex_start() at a lower priority than IPL_NET (probably IPL_BIO,
I didn't check). bridge_input() itself also needs to run at splnet().

I see 2 ways to fix this:
1) declare that ether_input() needs to always be called at splnet() (as it's
   already this way for the common case), add splnet()/splx() around the
   (*ifp->if_input) call in tap_dev_write(), and remove the unecessary
   splnet()/splx() in ether_input().
2) add the missing splnet()/splx() in ether_input().

I think the most efficient way it 1). But if the convention is that
(*ifp->if_input) doesn't need to be called at splnet() (I didn't find
infos about this) then we need to do 2).

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--