Re: [PATCH v2 net-next] bpf: fix cb access in socket filter programs

From: Alexei Starovoitov Date: Wed, 7 Oct 2015 10:55:41 -0700 > eBPF socket filter programs may see junk in 'u32 cb[5]' area, > since it could have been used by protocol layers earlier. > > For socket filter programs used in af_packet we need to clean > 20 bytes of skb->cb

[PATCH v2 net-next] bpf: fix cb access in socket filter programs

eBPF socket filter programs may see junk in 'u32 cb[5]' area, since it could have been used by protocol layers earlier. For socket filter programs used in af_packet we need to clean 20 bytes of skb->cb area if it could be used by the program. For programs attached to TCP/UDP sockets we need to