Stanislav Fomichev <s...@google.com> [Tue, 2020-05-05 13:27 -0700]:
> We want to have a tighter control on what ports we bind to in
> the BPF_CGROUP_INET{4,6}_CONNECT hooks even if it means
> connect() becomes slightly more expensive. The expensive part
> comes from the fact that we now need to call inet_csk_get_port()
> that verifies that the port is not used and allocates an entry
> in the hash table for it.
>
> Since we can't rely on "snum || !bind_address_no_port" to prevent
> us from calling POST_BIND hook anymore, let's add another bind flag
> to indicate that the call site is BPF program.
>
> v2:
> * Update documentation (Andrey Ignatov)
> * Pass BIND_FORCE_ADDRESS_NO_PORT conditionally (Andrey Ignatov)
>
> Cc: Andrey Ignatov <r...@fb.com>
> Signed-off-by: Stanislav Fomichev <s...@google.com>
Thanks. LGMT.
Acked-by: Andrey Ignatov <r...@fb.com>
--
Andrey Ignatov
