Proposal
Cgroup hooks are primarily used for pname-based routing (e.g., pname(NetworkManager) -> direct). If no pname-based routing rules are defined, there is little justification for attaching cgroup hooks.
Another use of pname/pid is in the pid_is_control_plane check within wan_egress, which results in a must_direct verdict for Dae traffic. When a nonzero so_mark_from_dae is configured, we can alternatively rely on skb->mark to serve the same purpose.
Therefore, this issue proposes skipping cgroup hook attachment when:
- No pname-based routing is defined.
- A nonzero so_mark_from_dae is set.
Use Cases
ditto
Potential Benefits
Lower system source usage
Scope
No response
Reference
No response
Implementation
No response
Proposal
Cgroup hooks are primarily used for pname-based routing (e.g., pname(NetworkManager) -> direct). If no pname-based routing rules are defined, there is little justification for attaching cgroup hooks.
Another use of pname/pid is in the
pid_is_control_planecheck within wan_egress, which results in a must_direct verdict for Dae traffic. When a nonzeroso_mark_from_daeis configured, we can alternatively rely on skb->mark to serve the same purpose.Therefore, this issue proposes skipping cgroup hook attachment when:
Use Cases
ditto
Potential Benefits
Lower system source usage
Scope
No response
Reference
No response
Implementation
No response