Is it all right for Netfilter modules to use control buffers (skb->cb)?
Alberto Leiva
ydahhrk at gmail.com
Tue Dec 23 17:49:09 EST 2014
Hi
I was assuming yes, since I've seen at least one module doing this. An
example is nf_defrag_ipv6 (ipv6_defrag() calls nf_ct_frag6_gather()
which calls NFCT_FRAG6_CB()).
What confuses me is that the IPv6 subsystem seems to have its own
control buffer:
- ipv6_rcv() calls IP6CB():
http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L102
- then it calls the netfilter chain, which might include
nf_defrag_ipv6:
http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L186
- then ip6_rcv_finish() comes into play, which calls dst_input(),
which might well call ip6_input(), which calls ip6_input_finish().
- ip6_input_finish() once again dereferences the IPv6 version of the
control buffer:
http://lxr.free-electrons.com/source/net/ipv6/ip6_input.c?v=3.17#L219
If Netfilter modules are allowed to wash out control buffers, how does
the IPv6 private data seem to be surviving the Netfilter chain?
Thanks