From 0c7fb5347cd38d724f34bacd8f4992a1ea9cc30d Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Sat, 21 Sep 2002 00:59:56 +0000
Subject: Insert a missing call to MAC protection check for delivering an mbuf
 to a bpf device.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
Submitted by:	phk
---
 sys/net/bpf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'sys/net/bpf.c')

diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index f1943a45957a..eeee0a3831a1 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -1136,7 +1136,11 @@ bpf_mtap(ifp, m)
 		++d->bd_rcount;
 		slen = bpf_filter(d->bd_filter, (u_char *)m, pktlen, 0);
 		if (slen != 0)
-			catchpacket(d, (u_char *)m, pktlen, slen, bpf_mcopy);
+#ifdef MAC
+			if (mac_check_bpfdesc_receive(d, ifp) == 0)
+#endif
+				catchpacket(d, (u_char *)m, pktlen, slen,
+				    bpf_mcopy);
 		BPFD_UNLOCK(d);
 	}
 	BPFIF_UNLOCK(bp);
-- 
cgit v1.2.3