bpf: host: sanitize whole skb->cb in to-netdev

cilium / cilium

eBPF-based Networking, Security, and Observability

https://cilium.io

Apache License 2.0

19.16k stars 2.78k forks source link

Closed julianwiedmann closed 1 week ago

julianwiedmann commented 1 week ago

We can't trust the cb if a packet passed through the network stack. Instead of selectively clearing cb slots, just clear the whole array.

julianwiedmann commented 1 week ago

/test