diff options
author | zec <zec@FreeBSD.org> | 2014-07-01 07:54:12 +0000 |
---|---|---|
committer | zec <zec@FreeBSD.org> | 2014-07-01 07:54:12 +0000 |
commit | abb6f937afbbe5a11fc0bc32bc8f6ec8d155f4d9 (patch) | |
tree | b54ac8cb6540a4582b558edd1a1a62c4af431c24 /sys/netgraph | |
parent | ab0754e33952386823ad46811bc7f5b20130f3d0 (diff) | |
download | FreeBSD-src-abb6f937afbbe5a11fc0bc32bc8f6ec8d155f4d9.zip FreeBSD-src-abb6f937afbbe5a11fc0bc32bc8f6ec8d155f4d9.tar.gz |
Remove any stale mbuf tags from packets being injected into a netgraph
graph. In particular, this solves some issues with (probably leaked)
IPSec-related tags being looped back through netgraph to the inbound
path which then misinterpreted the stale tags.
MFC after: 7 days
Diffstat (limited to 'sys/netgraph')
-rw-r--r-- | sys/netgraph/ng_eiface.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netgraph/ng_eiface.c b/sys/netgraph/ng_eiface.c index 98ecd44..a390e1b 100644 --- a/sys/netgraph/ng_eiface.c +++ b/sys/netgraph/ng_eiface.c @@ -236,6 +236,9 @@ ng_eiface_start2(node_p node, hook_p hook, void *arg1, int arg2) if (m == NULL) break; + /* Peel the mbuf off any stale tags */ + m_tag_delete_chain(m, NULL); + /* * Berkeley packet filter. * Pass packet to bpf if there is a listener. |