Richard Weinberger <richard@xxxxxxxxxxxxx> wrote:
> Maybe I have wrong expectations.
> e.g. I expected that sock_net_uid() will return 1000 when
> uid 1000 does something like: unshare -Umr followed by a veth connection
> to the host (initial user/net namespace).
> Shouldn't on the host side a forwarded skb have a ->dev that belongs uid
> 1000's net namespace?

You mean skb->sk? dev doesn't make much sense in this context to me.
Else, please clarify.

ip stack orphans incoming skbs, i.e. skb->sk is gone, see skb_orphan()
call in ip_rcv_core().

So when packet enters init_net prerouting hook, association with
originating netns or sk is not present anymore.