[PATCH net-next 1/8] ipv4: cipso: Simplify IP options handling in cipso_v4_error()
Paul Moore
paul at paul-moore.com
Thu Sep 4 21:46:12 UTC 2025
On Mon, Sep 1, 2025 at 4:32 AM Ido Schimmel <idosch at nvidia.com> wrote:
>
> When __ip_options_compile() is called with an skb, the IP options are
> parsed from the skb data into the provided IP option argument. This is
> in contrast to the case where the skb argument is NULL and the options
> are parsed from opt->__data.
>
> Given that cipso_v4_error() always passes an skb to
> __ip_options_compile(), there is no need to allocate an extra 40 bytes
> (maximum IP options size).
>
> Therefore, simplify the function by removing these extra bytes and make
> the function similar to ipv4_send_dest_unreach() which also calls both
> __ip_options_compile() and __icmp_send().
>
> This is a preparation for changing the arguments being passed to
> __icmp_send().
>
> No functional changes intended.
>
> Reviewed-by: Petr Machata <petrm at nvidia.com>
> Signed-off-by: Ido Schimmel <idosch at nvidia.com>
> ---
> net/ipv4/cipso_ipv4.c | 13 ++++++-------
> 1 file changed, 6 insertions(+), 7 deletions(-)
Acked-by: Paul Moore <paul at paul-moore.com>
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list