fixup! Forbid use of SO_MARK in excluded cgroup

hulthe · hulthe · commit 720222a2f908 · 2026-01-22T09:49:13.000+01:00
diff --git a/mullvad-exclude/bpf/mullvad-exclude.cgroup-sock-create.bpf.c b/mullvad-exclude/bpf/mullvad-exclude.cgroup-sock-create.bpf.c
@@ -17,9 +17,5 @@ int mullvad_exclude_sock_create(struct bpf_sock *ctx) {
 // Forbid applications in the cgroup from setting SO_MARK and breaking split-tunneling.
 SEC("cgroup/setsockopt")
 int mullvad_exclude_deny_so_mark(struct bpf_sockopt *ctx) {
-    if (ctx->level == SOL_SOCKET && ctx->optname == SO_MARK) {
-        return 0; // forbid applications from setting SO_MARK
-    }
-
-    return 1;
+    return !(ctx->level == SOL_SOCKET && ctx->optname == SO_MARK);
 }
