On 10/25/16 5:01 PM, Daniel Borkmann wrote: >> diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c >> index a0ab43f264b0..918c01a6f129 100644 >> --- a/kernel/bpf/cgroup.c >> +++ b/kernel/bpf/cgroup.c >> @@ -117,6 +117,19 @@ void __cgroup_bpf_update(struct cgroup *cgrp, >> } >> } >> >> +static int __cgroup_bpf_run_filter_skb(struct sk_buff *skb, >> + struct bpf_prog *prog) >> +{ >> + unsigned int offset = skb->data - skb_network_header(skb); >> + int ret; >> + >> + __skb_push(skb, offset); >> + ret = bpf_prog_run_clear_cb(prog, skb) == 1 ? 0 : -EPERM; > > Original code save skb->cb[], this one clears it. >
Ah, it changed in Daniel's v6 to v7 code and I missed it. Will fix. Thanks for pointing it out.
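Review bot: in __cgroup_bpf_run_filter_skb(), `offset` is an unsigned int computed as `skb->data - skb_network_header(skb)`, so the code silently assumes skb->data is never below the network header. If that ever fails to hold, the subtraction wraps to a large value that is passed straight to __skb_push(). Please state the invariant in a comment above the computation, or check it before the push. The mapping `== 1 ? 0 : -EPERM` also deserves a one-line comment saying that any program return value other than 1 is treated as a denial.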