22.01.2019, 19:49, "Paul Moore" <paul@xxxxxxxxxxxxxx>: > > Granted I'm looking at this rather quickly, so I may be missing > something, but why the changes to ip_options_compile()? Couldn't you > simply set opt->data manually (set the ptr) in cipso_v4_error() before > calling ip_options_compile() and arrive at the same result without > having to modify ip_options_compile()? I suppose there is the rtable > value to worry about, but ip_options_echo() should take care of that, > yes? No? ip_options_compile calls icmp_send, if someting wrong. So, we'll go back to trying to fix. ip_options_compile changes needed to avoid this.
