On Tue, Jan 29, 2019 at 2:23 AM Nazarov Sergey <s-nazarov@xxxxxxxxx> wrote: > 29.01.2019, 01:18, "Paul Moore" <paul@xxxxxxxxxxxxxx>: > > If we don't pass a skb into ip_options_compile(), meaning both "skb" > > and "rt" will be NULL, then I don't believe the option data will > > change. Am I missing something? > > I mean, in cipso_v4_error we copy option data from skb before ip_options_compile call: > + memcpy(opt->__data, (unsigned char *)&(ip_hdr(skb)[1]), opt->optlen); > But skb IP header data could be already changed by first call of ip_options_compile > when packet received. There are several cases where the stack ends up calling icmp_send() after the skb has been through ip_options_compile(), that should be okay. -- paul moore www.paul-moore.com
