[PATCH] NETWORKING: avoid use IPCB in cipso_v4_error
David Miller
davem at davemloft.net
Mon Feb 25 01:33:10 UTC 2019
From: Nazarov Sergey <s-nazarov at yandex.ru>
Date: Fri, 22 Feb 2019 19:35:29 +0300
> I tried to analyze the cases of using icmp_send in kernel. It
> indirectly used by many protocols: ARP, IP, UDP, Netfilter, IPVS,
> IPIP, GRE over IP, CLIP, XFRM, CIPSOv4. Different IP tunnels and
> XFRM operating directly over IP layer and if using own skb->cb data,
> having IP header data in front of it. CLIP uses icmp_send for
> packets from arp queue only. So, If I right, only TCP layer moves
> IP header data and only CIPSOv4 operates on both IP and TCP layers
> now.
Ok.
More information about the Linux-security-module-archive
mailing list