[PATCH net-next 1/8] ipv4: cipso: Simplify IP options handling in cipso_v4_error()
David Ahern
dsahern at kernel.org
Tue Sep 2 02:36:44 UTC 2025
On 9/1/25 2:30 AM, Ido Schimmel wrote:
> When __ip_options_compile() is called with an skb, the IP options are
> parsed from the skb data into the provided IP option argument. This is
> in contrast to the case where the skb argument is NULL and the options
> are parsed from opt->__data.
>
> Given that cipso_v4_error() always passes an skb to
> __ip_options_compile(), there is no need to allocate an extra 40 bytes
> (maximum IP options size).
>
> Therefore, simplify the function by removing these extra bytes and make
> the function similar to ipv4_send_dest_unreach() which also calls both
> __ip_options_compile() and __icmp_send().
>
> This is a preparation for changing the arguments being passed to
> __icmp_send().
>
> No functional changes intended.
>
> Reviewed-by: Petr Machata <petrm at nvidia.com>
> Signed-off-by: Ido Schimmel <idosch at nvidia.com>
> ---
> net/ipv4/cipso_ipv4.c | 13 ++++++-------
> 1 file changed, 6 insertions(+), 7 deletions(-)
>
Reviewed-by: David Ahern <dsahern at kernel.org>
More information about the Linux-security-module-archive
mailing list