Hi I was assuming yes, since I've seen at least one module doing this. An example is nf_defrag_ipv6 (ipv6_defrag() calls nf_ct_frag6_gather() which calls NFCT_FRAG6_CB()). What confuses me is that the IPv6 subsystem seems to have its own control buffer: - ipv6_rcv() calls IP6CB(): http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L102 - then it calls the netfilter chain, which might include nf_defrag_ipv6: http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L186 - then ip6_rcv_finish() comes into play, which calls dst_input(), which might well call ip6_input(), which calls ip6_input_finish(). - ip6_input_finish() once again dereferences the IPv6 version of the control buffer: http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L219 If Netfilter modules are allowed to wash out control buffers, how does the IPv6 private data seems to be surviving the Netfilter chain? Thanks _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
