From: Kuniyuki Iwashima <kuniyu@google.com>
To: jrife@google.com
Cc: andrii@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net,
edumazet@google.com, kuba@kernel.org, martin.lau@linux.dev,
netdev@vger.kernel.org, sdf@fomichev.me,
willemdebruijn.kernel@gmail.com, yusuke.suzuki@isovalent.com
Subject: Re: [PATCH net-next v2 1/2] udp: Preserve UDP socket addresses on abort
Date: Wed, 4 Mar 2026 21:21:03 +0000 [thread overview]
Message-ID: <20260304212128.1943568-1-kuniyu@google.com> (raw)
In-Reply-To: <20260303170106.129698-2-jrife@google.com>
From: Jordan Rife <jrife@google.com>
Date: Tue, 3 Mar 2026 17:01:02 +0000
> Currently, udp_abort() invokes __udp_disconnect() which clears out
> socket fields like inet_daddr and inet_dport. This makes fields like
> dst_ip4, dst_ip6, and dst_port useless inside cgroup/sock_release BPF
> hooks following an abort on a connected UDP socket, since they'll always
> equal zero. This differs from the behavior for TCP sockets where a
> cgroup/sock_release hook will see the address and port that the socket
> was connected to at the time it was aborted. This causes issues in
> Cilium where a sock_release hook is used to perform map maintenance when
> sockets are released, since Cilium actively destroys connected UDP
> sockets in some cases.
Just curious why Cilium does not unregister the socket just
after aborting it ?
At least Cilium should know the key at that moment.
>
> Make the behavior consistent between TCP and UDP sockets by not clearing
This patch makes another inconsistency with TCP.
As you mentioned in the cover letter, before the patch, even if
aborted, a bound socket still reserves a port, but it does not now.
This might be surprising for non-reuseaddr/port sockets.
> out these fields in udp_abort(). Instead, just unhash the socket, mark
> its state as TCP_CLOSE, and preserve the state of the other fields.
>
> Fixes: f5836749c9c0 ("bpf: Add BPF_CGROUP_INET_SOCK_RELEASE hook")
> Reported-by: Yusuke Suzuki <yusuke.suzuki@isovalent.com>
> Signed-off-by: Jordan Rife <jrife@google.com>
> ---
> net/ipv4/udp.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
> index b96e47f1c8a2..01a0a0fbcd56 100644
> --- a/net/ipv4/udp.c
> +++ b/net/ipv4/udp.c
> @@ -3247,7 +3247,9 @@ int udp_abort(struct sock *sk, int err)
>
> sk->sk_err = err;
> sk_error_report(sk);
> - __udp_disconnect(sk, 0);
How about passing another flag and avoid unwanted init only for
bpf iterator ? This will need another layer of __udp_disconnect()
like ____udp_disconnect() (I'm not good at naming), or must make
sure the flag is never used in uAPI.
> + sk->sk_state = TCP_CLOSE;
> + sk->sk_prot->unhash(sk);
> + sk_dst_reset(sk);
>
> out:
> if (!has_current_bpf_ctx())
> --
> 2.53.0.473.g4a7958ca14-goog
>
next prev parent reply other threads:[~2026-03-04 21:21 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-03 17:01 [PATCH net-next v2 0/2] Preserve UDP socket addresses on abort Jordan Rife
2026-03-03 17:01 ` [PATCH net-next v2 1/2] udp: " Jordan Rife
2026-03-04 21:21 ` Kuniyuki Iwashima [this message]
2026-03-04 23:38 ` Willem de Bruijn
2026-03-04 23:52 ` Jordan Rife
2026-03-05 3:25 ` Kuniyuki Iwashima
2026-03-05 18:03 ` Jordan Rife
2026-03-05 19:31 ` Kuniyuki Iwashima
2026-03-05 23:18 ` Jordan Rife
2026-03-03 17:01 ` [PATCH net-next v2 2/2] selftests/bpf: Ensure dst addr/port are preserved after socket abort Jordan Rife
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260304212128.1943568-1-kuniyu@google.com \
--to=kuniyu@google.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=edumazet@google.com \
--cc=jrife@google.com \
--cc=kuba@kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=sdf@fomichev.me \
--cc=willemdebruijn.kernel@gmail.com \
--cc=yusuke.suzuki@isovalent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox