[PATCH net-next v2 1/8] ipv4: cipso: Simplify IP options handling in cipso_v4_error()
Eric Dumazet
edumazet at google.com
Mon Sep 8 07:51:12 UTC 2025
On Mon, Sep 8, 2025 at 12:35 AM Ido Schimmel <idosch at nvidia.com> wrote:
>
> When __ip_options_compile() is called with an skb, the IP options are
> parsed from the skb data into the provided IP option argument. This is
> in contrast to the case where the skb argument is NULL and the options
> are parsed from opt->__data.
>
> Given that cipso_v4_error() always passes an skb to
> __ip_options_compile(), there is no need to allocate an extra 40 bytes
> (maximum IP options size).
>
> Therefore, simplify the function by removing these extra bytes and make
> the function similar to ipv4_send_dest_unreach() which also calls both
> __ip_options_compile() and __icmp_send().
>
> This is a preparation for changing the arguments being passed to
> __icmp_send().
>
> No functional changes intended.
>
> Reviewed-by: Petr Machata <petrm at nvidia.com>
> Reviewed-by: David Ahern <dsahern at kernel.org>
> Acked-by: Paul Moore <paul at paul-moore.com>
> Signed-off-by: Ido Schimmel <idosch at nvidia.com>
Reviewed-by: Eric Dumazet <edumazet at google.com>
More information about the Linux-security-module-archive
mailing list