On Mon, Jul 28, 2025 at 06:18:11PM -0700, Martin KaFai Lau wrote:
> On 7/28/25 2:43 AM, Mahe Tardy wrote:
> > +SEC("cgroup_skb/egress")
> > +int egress(struct __sk_buff *skb)
> > +{
> > + void *data = (void *)(long)skb->data;
> > + void *data_end = (void *)(long)skb->data_end;
> > + struct iphdr *iph;
> > + struct tcphdr *tcph;
> > +
> > + iph = data;
> > + if ((void *)(iph + 1) > data_end || iph->version != 4 ||
> > + iph->protocol != IPPROTO_TCP || iph->daddr != bpf_htonl(SERVER_IP))
> > + return SK_PASS;
> > +
> > + tcph = (void *)iph + iph->ihl * 4;
> > + if ((void *)(tcph + 1) > data_end ||
> > + tcph->dest != bpf_htons(SERVER_PORT))
> > + return SK_PASS;
> > +
> > + kfunc_ret = bpf_icmp_send_unreach(skb, unreach_code);
> > +
> > + /* returns SK_PASS to execute the test case quicker */
>
> Do you know why the user space is slower if 0 (SK_DROP) is used?
I tried to write my understanding of this in the commit description:
"Note that the BPF program returns SK_PASS to let the connection being
established to finish the test cases quicker. Otherwise, you have to
wait for the TCP three-way handshake to timeout in the kernel and
retrieve the errno translated from the unreach code set by the ICMP
control message."
I added this comment because I already had some (offline) feedback that
this looked off, maybe I should develop and put this here directly.
>
> > + return SK_PASS;
>
