November 20, 2025 at 03:53, "Jakub Sitnicki" <[email protected]
mailto:[email protected]?to=%22Jakub%20Sitnicki%22%20%3Cjakub%40cloudflare.com%3E
> wrote:
[...]
> > +/* The BPF program sets BPF_F_INGRESS on sk_msg to indicate data needs to
> > be
> > + * redirected to the ingress queue of a specified socket. Since
> > BPF_F_INGRESS is
> > + * defined in UAPI so that we can't extend this enum for our internal
> > flags. We
> > + * define some internal flags here while inheriting BPF_F_INGRESS.
> > + */
> > +enum {
> > + SK_MSG_F_INGRESS = BPF_F_INGRESS, /* (1ULL << 0) */
> > + /* internal flag */
> > + SK_MSG_F_INGRESS_SELF = (1ULL << 1)
> > +};
> > +
> >
> I'm wondering if we need additional state to track this.
> Can we track sk_msg's construted from skb's that were not redirected by
> setting `sk_msg.sk = sk` to indicate that the source socket is us in
> sk_psock_skb_ingress_self()?
Functionally, that would work. However, in that case, we would have to hold
a reference to sk until the sk_msg is read, which would delay the release of
sk. One concern is that if there is a bug in the read-side application, sk
might never be released.
> If not, then I'd just offset the internal flags like we do in
> net/core/filter.c, BPF_F_REDIRECT_INTERNAL.
I think we can try offsetting the internal flags.
