On 8/27/25 3:49 PM, Kuniyuki Iwashima wrote:
BTW, I'm thinking I should inherit flags from the listener
in sk_clone_lock() and disallow other bpf hooks.
Agree and I think in general this flag should be inherited to the child. It is
less surprising to the user.
Given the listener's flag and bpf hooks come from the
same cgroup, there is no point having other hooks.
iiuc, this will narrow down the use case to the create hook only? Sure, it can
start with the create hook if there is no use case for sock_ops. sock_ops can do
setsockopt differently based on the ip/port but I don't have a use case for now.
