November 20, 2025 at 03:53, "Jakub Sitnicki" <jakub@cloudflare.com mailto:jakub@cloudflare.com?to=%22Jakub%20Sitnicki%22%20%3Cjakub%40cloudflare.com%3E > wrote:
[...]
+/* The BPF program sets BPF_F_INGRESS on sk_msg to indicate data needs to be
- redirected to the ingress queue of a specified socket. Since BPF_F_INGRESS is
- defined in UAPI so that we can't extend this enum for our internal flags. We
- define some internal flags here while inheriting BPF_F_INGRESS.
- */
+enum {
- SK_MSG_F_INGRESS = BPF_F_INGRESS, /* (1ULL << 0) */
- /* internal flag */
- SK_MSG_F_INGRESS_SELF = (1ULL << 1)
+};
I'm wondering if we need additional state to track this. Can we track sk_msg's construted from skb's that were not redirected by setting `sk_msg.sk = sk` to indicate that the source socket is us in sk_psock_skb_ingress_self()?
Functionally, that would work. However, in that case, we would have to hold a reference to sk until the sk_msg is read, which would delay the release of sk. One concern is that if there is a bug in the read-side application, sk might never be released.
If not, then I'd just offset the internal flags like we do in net/core/filter.c, BPF_F_REDIRECT_INTERNAL.
I think we can try offsetting the internal flags.