On Thu, Jan 14, 2021 at 7:51 PM Stanislav Fomichev <sdf@xxxxxxxxxx> wrote: > > > > > > lock_sock(sock->sk); > > > err = __inet_stream_connect(sock, uaddr, addr_len, flags, 0); > > > > Similarly here, attaching fexit to __inet_stream_connect would execute > > your BPF program at exactly the same time (and then you can check for > > err value). > > > > Or the point here is to have a more "stable" BPF program type? > Good suggestion, I can try to play with it, I think it should give me > all the info I need (I only need sock). > But yeah, I'd rather prefer a stable interface against stable > __sk_buff, but maybe fexit will also work. Maybe we can add an extension to fentry/fexit that are cgroup scoped? I think this will solve many such cases.