svn commit: r268081 - head/sys/netgraph
Marko Zec
zec at FreeBSD.org
Tue Jul 1 07:54:13 UTC 2014
Author: zec
Date: Tue Jul 1 07:54:12 2014
New Revision: 268081
URL: http://svnweb.freebsd.org/changeset/base/268081
Log:
Remove any stale mbuf tags from packets being injected into a netgraph
graph. In particular, this solves some issues with (probably leaked)
IPSec-related tags being looped back through netgraph to the inbound
path which then misinterpreted the stale tags.
MFC after: 7 days
Modified:
head/sys/netgraph/ng_eiface.c
Modified: head/sys/netgraph/ng_eiface.c
==============================================================================
--- head/sys/netgraph/ng_eiface.c Tue Jul 1 07:30:29 2014 (r268080)
+++ head/sys/netgraph/ng_eiface.c Tue Jul 1 07:54:12 2014 (r268081)
@@ -236,6 +236,9 @@ ng_eiface_start2(node_p node, hook_p hoo
if (m == NULL)
break;
+ /* Peel the mbuf off any stale tags */
+ m_tag_delete_chain(m, NULL);
+
/*
* Berkeley packet filter.
* Pass packet to bpf if there is a listener.
More information about the svn-src-head
mailing list