nf_defrag_ipv6 restores the control buffer when it's done:
http://lxr.free-electrons.com/source/net/ipv6/reassembly.c?v=3.17#L491

Considering future kernels might change the IPv6 control buffer and the
stuff it expects to survive the Netfilter chain, editing it within a
Netfilter module sounds like a really bad idea.

On Tue, Dec 23, 2014 at 4:49 PM, Alberto Leiva <ydahhrk@xxxxxxxxx> wrote:
> Hi
>
> I was assuming yes, since I've seen at least one module doing this. An
> example is nf_defrag_ipv6 (ipv6_defrag() calls nf_ct_frag6_gather()
> which calls NFCT_FRAG6_CB()).
>
> What confuses me is that the IPv6 subsystem seems to have its own
> control buffer:
>
> - ipv6_rcv() calls IP6CB():
> http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L102
> - then it calls the netfilter chain, which might include
> nf_defrag_ipv6:
> http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L186
> - then ip6_rcv_finish() comes into play, which calls dst_input(),
> which might well call ip6_input(), which calls ip6_input_finish().
> - ip6_input_finish() once again dereferences the IPv6 version of the
> control buffer:
> http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L219
>
> If Netfilter modules are allowed to wash out control buffers, how does
> the IPv6 private data seem to be surviving the Netfilter chain?
>
> Thanks

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
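
The hazard discussed in this thread, as a userspace C model added here (not kernel code and not written by either poster): two layers overlay different structs on one shared scratch area, and the earlier layer's state survives only when the hook saves and restores the bytes. The struct layouts, field values and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model, not kernel code: 48 scratch bytes shared by every layer. */
struct pkt { unsigned char cb[48]; };

/* Hypothetical private layouts that two layers overlay on the same bytes. */
struct l3_cb   { int32_t iif; uint16_t nhoff; uint16_t flags; };
struct hook_cb { uint32_t frag_offset; uint32_t frag_id; };

/* Layer 3 records its state before handing the packet to the hook chain. */
static void l3_receive(struct pkt *p) {
    struct l3_cb cb = { .iif = 2, .nhoff = 40, .flags = 0 };
    memcpy(p->cb, &cb, sizeof cb);
}

/* Hook that writes its own state over the area and returns without restoring. */
static void hook_clobber(struct pkt *p) {
    struct hook_cb h = { .frag_offset = 1280, .frag_id = 0xdeadbeefu };
    memcpy(p->cb, &h, sizeof h);
}

/* Hook that snapshots the caller's bytes, uses the area, then puts them back. */
static void hook_save_restore(struct pkt *p) {
    unsigned char saved[sizeof p->cb];
    memcpy(saved, p->cb, sizeof saved);
    hook_clobber(p);                      /* private use of the scratch area */
    memcpy(p->cb, saved, sizeof saved);
}

/* Receive -> hook -> finish; returns the nhoff that the finish step reads back. */
uint16_t run_path(int restoring) {
    struct pkt p;
    struct l3_cb seen;
    memset(&p, 0, sizeof p);
    l3_receive(&p);
    if (restoring) hook_save_restore(&p); else hook_clobber(&p);
    memcpy(&seen, p.cb, sizeof seen);
    return seen.nhoff;
}

int main(void) {
    printf("restoring hook: nhoff=%u\n", (unsigned)run_path(1));
    printf("clobbering hook: nhoff=%u\n", (unsigned)run_path(0));
    return 0;
}
```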