Author: zec
Date: Tue Jul 1 07:54:12 2014
New Revision: 268081
URL: http://svnweb.freebsd.org/changeset/base/268081
Log:
Remove any stale mbuf tags from packets being injected into a netgraph
graph. In particular, this solves some issues with (probably leaked)
IPSec-related tags being looped back through netgraph to the inbound
path which then misinterpreted the stale tags.
MFC after: 7 days
Modified:
head/sys/netgraph/ng_eiface.c
Modified: head/sys/netgraph/ng_eiface.c
==============================================================================
--- head/sys/netgraph/ng_eiface.c Tue Jul 1 07:30:29 2014
(r268080)
+++ head/sys/netgraph/ng_eiface.c Tue Jul 1 07:54:12 2014
(r268081)
@@ -236,6 +236,9 @@ ng_eiface_start2(node_p node, hook_p hoo
if (m == NULL)
break;
+ /* Peel the mbuf off any stale tags */
+ m_tag_delete_chain(m, NULL);
+
/*
* Berkeley packet filter.
* Pass packet to bpf if there is a listener.
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
