[PATCH] NETWORKING: avoid use IPCB in cipso_v4_error

David Miller davem at davemloft.net
Mon Feb 25 01:33:10 UTC 2019

From: Nazarov Sergey <s-nazarov at yandex.ru>
Date: Fri, 22 Feb 2019 19:35:29 +0300

> I tried to analyze the cases of using icmp_send in the kernel. It
> is indirectly used by many protocols: ARP, IP, UDP, Netfilter, IPVS,
> IPIP, GRE over IP, CLIP, XFRM, CIPSOv4.  Different IP tunnels and
> XFRM operate directly over the IP layer and, if using their own
> skb->cb data, have IP header data in front of it. CLIP uses icmp_send
> for packets from the arp queue only.  So, if I am right, only the TCP
> layer moves IP header data and only CIPSOv4 operates on both IP and
> TCP layers now.

