From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-170.mta1.migadu.com (out-170.mta1.migadu.com [95.215.58.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 12E5CB665 for ; Thu, 28 Aug 2025 00:06:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.170 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756339618; cv=none; b=lb8QDsvJFRdo3OIfSzDtRAwHfNk5U/0yms94rAR0tsjdyND/DXy7Y6J+uLVk961AWS8ijGwMaoEm8RuDPspLzPdTWOGDY2WP/fyr+dOJ++ENhaymeoGVrvfLDj2LmeZSAMXdzoJxG+iBFs9ZAlcEO4iICjGbMR7lSNx/TuPdnPU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756339618; c=relaxed/simple; bh=/BH+2LaqqrXTlr6Er7h9zOFOcR6chXoGcn1omObe0Zs=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=fZH+7bYiYUyXAdJ0TQAowsPP0/vwgxYux+NSznLAmcO9EIwo+00/sMR3VRRb/VDS+FFIHjj8NruE+0s5igSebcU6/mempXD0FbAwm8BskZsmLvEYMkajCMIIoycC8s6CK7+ffYi3vVQdY6dwnSrxPA3OnvgmBZ3rmQ4+w/gb2XE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=v9ZDs7zk; arc=none smtp.client-ip=95.215.58.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="v9ZDs7zk" Message-ID: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1756339605; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UqJPbr5uTMudwBOyBnBf81tu086UZwu8xK2Zx9ec5IQ=; b=v9ZDs7zkqx2zjHhRyZQM+rowHDQHVhS2x+WrvS7sdxbibcF+OMOlvMzHQH5T776w+N1GPl 2WsbJyoy54vPwQXHL/zulP9dxCeNlpJRe8ja2zaxf4HKVDYqNtuVwpq1kiMG0VIkA9g/fW GuMDOhki4/NWUPx6XAOVXLhA+qauUFc= Date: Wed, 27 Aug 2025 17:06:36 -0700 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH v3 bpf-next/net 2/5] bpf: Support bpf_setsockopt() for BPF_CGROUP_INET_SOCK_CREATE. To: Kuniyuki Iwashima Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , John Fastabend , Stanislav Fomichev , Johannes Weiner , Michal Hocko , Roman Gushchin , Shakeel Butt , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Neal Cardwell , Willem de Bruijn , Mina Almasry , Kuniyuki Iwashima , bpf@vger.kernel.org, netdev@vger.kernel.org References: <20250826183940.3310118-1-kuniyu@google.com> <20250826183940.3310118-3-kuniyu@google.com> Content-Language: en-US X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Martin KaFai Lau In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Migadu-Flow: FLOW_OUT On 8/27/25 3:49 PM, Kuniyuki Iwashima wrote: > BTW, I'm thinking I should inherit flags from the listener > in sk_clone_lock() and disallow other bpf hooks. Agree and I think in general this flag should be inherited to the child. It is less surprising to the user. > > Given the listener's flag and bpf hooks come from the > same cgroup, there is no point having other hooks. iiuc, this will narrow down the use case to the create hook only? Sure, it can start with the create hook if there is no use case for sock_ops. sock_ops can do setsockopt differently based on the ip/port but I don't have a use case for now.