Date: Tue, 1 Jul 2014 07:54:12 +0000 (UTC) From: Marko Zec <zec@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r268081 - head/sys/netgraph Message-ID: <201407010754.s617sClV023192@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: zec Date: Tue Jul 1 07:54:12 2014 New Revision: 268081 URL: http://svnweb.freebsd.org/changeset/base/268081 Log: Remove any stale mbuf tags from packets being injected into a netgraph graph. In particular, this solves some issues with (probably leaked) IPSec-related tags being looped back through netgraph to the inbound path which then misinterpreted the stale tags. MFC after: 7 days Modified: head/sys/netgraph/ng_eiface.c Modified: head/sys/netgraph/ng_eiface.c ============================================================================== --- head/sys/netgraph/ng_eiface.c Tue Jul 1 07:30:29 2014 (r268080) +++ head/sys/netgraph/ng_eiface.c Tue Jul 1 07:54:12 2014 (r268081) @@ -236,6 +236,9 @@ ng_eiface_start2(node_p node, hook_p hoo if (m == NULL) break; + /* Peel the mbuf off any stale tags */ + m_tag_delete_chain(m, NULL); + /* * Berkeley packet filter. * Pass packet to bpf if there is a listener.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407010754.s617sClV023192>