On Fri, Feb 09, 2024 at 11:00:09AM -0800, Stanislav Fomichev wrote:
> Maybe we should instead remove "(!sk || !sk_fullsock(sk))" check from
> __cgroup_bpf_run_filter_skb? BPF_CGROUP_RUN_PROG_INET_EGRESS makes
> care of all those corner conditions. We just need to add those checks to
> BPF_CGROUP_RUN_PROG_INET_INGRESS.
>
> Let me also CC Kui-Feng, he was touching this part recently in commit
> 223f5f79f2ce ("bpf, net: Check skb ownership against full socket.").
Completely agree with this -- it would be best from a performance
standpoint. I will send out a v2 of this patch in a few hours.
