I am currently writing an eBPF program in C to track egress network packets using tc-bpf. The program has its definition as follows:
SEC("classifier")int bpf_tc_sample(struct __sk_buff *skb) { [...] return TC_ACT_OK;}In my program, I need to get the socket associated with the sock of the socket buffer.If the type of the socket buffer would have been struct sk_buff this could have been done by accessing skb->sk->sk_socket. In this case, the type of skb->sk is struct bpf_sock and not struct sock which does not contain an entry for sk_socket.
Could anyone please let me know whether there is a way to access the struct socket field from a struct __sk_buff entry in an eBPF program, either through a BPF helper or via using a kprobe.Any insight will be appreciated.