authorzec <zec@FreeBSD.org>2014-07-01 07:54:12 +0000
committerzec <zec@FreeBSD.org>2014-07-01 07:54:12 +0000
commitabb6f937afbbe5a11fc0bc32bc8f6ec8d155f4d9 (patch)
treeb54ac8cb6540a4582b558edd1a1a62c4af431c24 /sys/netgraph
parentab0754e33952386823ad46811bc7f5b20130f3d0 (diff)
Remove any stale mbuf tags from packets being injected into a netgraph
graph. In particular, this solves some issues with (probably leaked) IPSec-related tags being looped back through netgraph to the inbound path which then misinterpreted the stale tags. MFC after: 7 days
Diffstat (limited to 'sys/netgraph')
-rw-r--r--sys/netgraph/ng_eiface.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netgraph/ng_eiface.c b/sys/netgraph/ng_eiface.c
index 98ecd44..a390e1b 100644
--- a/sys/netgraph/ng_eiface.c
+++ b/sys/netgraph/ng_eiface.c
@@ -236,6 +236,9 @@ ng_eiface_start2(node_p node, hook_p hook, void *arg1, int arg2)
if (m == NULL)
break;
+ /* Peel the mbuf off any stale tags */
+ m_tag_delete_chain(m, NULL);
+
/*
* Berkeley packet filter.
* Pass packet to bpf if there is a listener.
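Review bot: `m_tag_delete_chain(m, NULL)` removes every tag on the outgoing mbuf, not only the stale IPsec ones named in the commit message, so tags marked persistent (for example a MAC label on a MAC-enabled kernel) would presumably be dropped as well before the packet reaches bpf and the hook. If only per-hop state has to go, `m_tag_delete_nonpersistent(m);` is the narrower call. If stripping everything is intended, the comment should say so and why, e.g. `/* Strip all mbuf tags (incl. stale IPsec state) so the inbound path cannot misinterpret them */`. The body of ng_eiface_start2 starts and ends outside the hunk, so whether any tag is still needed later in the function cannot be checked from here.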