From 58d8fd049fa8663708264a17c4678b650f147d1d Mon Sep 17 00:00:00 2001 From: Marko Zec Date: Tue, 1 Jul 2014 07:54:12 +0000 Subject: [PATCH] Remove any stale mbuf tags from packets being injected into a netgraph graph. In particular, this solves some issues with (probably leaked) IPSec-related tags being looped back through netgraph to the inbound path which then misinterpreted the stale tags. MFC after: 7 days --- sys/netgraph/ng_eiface.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netgraph/ng_eiface.c b/sys/netgraph/ng_eiface.c index 98ecd445aff5..a390e1bbc876 100644 --- a/sys/netgraph/ng_eiface.c +++ b/sys/netgraph/ng_eiface.c @@ -236,6 +236,9 @@ ng_eiface_start2(node_p node, hook_p hook, void *arg1, int arg2) if (m == NULL) break; + /* Peel the mbuf off any stale tags */ + m_tag_delete_chain(m, NULL); + /* * Berkeley packet filter. * Pass packet to bpf if there is a listener.
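Review bot: The added `m_tag_delete_chain(m, NULL);` in `ng_eiface_start2()`, placed right after the `m == NULL` check, removes every tag on the mbuf unconditionally, while the commit message only names IPSec-related tags as the problem and describes them as "probably leaked", so the origin of the stale tags is not established. With a NULL second argument the whole chain is deleted, which also drops any tag a downstream netgraph node or the receiving stack might legitimately rely on; the comment should say that stripping everything is intentional and why it is safe here, or the deletion should be limited to the tag types known to be misinterpreted on the inbound path. The subject speaks of packets "being injected into a netgraph graph", but the change touches only `ng_eiface.c`; the message should state whether other netgraph entry points were checked for the same problem. Minor: "Peel the mbuf off any stale tags" reads backwards; "Strip any stale tags from the mbuf" is clearer.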