On Thu, Oct 15, 2020 at 06:43 AM CEST, John Fastabend wrote: [...] > Jakub, any opinions on if we should just throw an error if users try to > add a sock to a map with a parser but no verdict? At the moment we fall > through and add the socket, but it wont do any receive parsing/verdict. > At the moment I think its fine with above fix. The useful cases for RX > are parser+verdict, verdict, and empty. Where empty is just used for > redirects or other socket account tricks. Just something to keep in mind. IMO we should not fail because map updates can interleave with sk_skb prog attachments, like so: update_map(map_fd, sock_fd); attach_prog(parser_fd, map_fd, BPF_SK_SKB_STREAM_PARSER); update_map(map_fd, sock_fd); // OK attach_prog(verdict_fd, map_fd, BPF_SK_SKB_STREAM_VERDICT); update_map(map_fd, sock_fd); In practice, I would expect one process/thread to attach the programs, while another is allowed to update the map at the same time.
