Hi Alexei,
I've just been auditing the sockopt code, and bpfilter looks really odd. Both getsockopts and setsockopt eventually end up in__bpfilter_process_sockopt, which then passes record to the userspace helper containing the address of the optval buffer. Which depending on bpf-cgroup might be in user or kernel space. But even if it is in userspace it would be in a different process than the bpfiler helper. What makes all this work?
