Thread (19 messages) 19 messages, 4 authors, 2025-09-04

Re: [PATCH net-next 1/8] ipv4: cipso: Simplify IP options handling in cipso_v4_error()

From: Paul Moore <paul@paul-moore.com>
Date: 2025-09-04 21:46:24
Also in: linux-security-module

On Mon, Sep 1, 2025 at 4:32 AM Ido Schimmel [off-list ref] wrote:
When __ip_options_compile() is called with an skb, the IP options are
parsed from the skb data into the provided IP option argument. This is
in contrast to the case where the skb argument is NULL and the options
are parsed from opt->__data.

Given that cipso_v4_error() always passes an skb to
__ip_options_compile(), there is no need to allocate an extra 40 bytes
(maximum IP options size).

Therefore, simplify the function by removing these extra bytes and make
the function similar to ipv4_send_dest_unreach() which also calls both
__ip_options_compile() and __icmp_send().

This is a preparation for changing the arguments being passed to
__icmp_send().

No functional changes intended.

Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
---
 net/ipv4/cipso_ipv4.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
Acked-by: Paul Moore <paul@paul-moore.com>

-- 
paul-moore.com
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help