I am attaching the below program in the tc ingress as well as egress of veth host-side. I am able to get the proper cgroup id for ingress (egress from container) and the reverse path cgroup id is empty. How to get the cgroup id for ingress (veth host-side) tc hook?
SEC("simple")
int handle_ingress(struct __sk_buff *skb)
{
bpf_printk("tc: bpf_skb_cgroup_id:ox%llx", bpf_skb_cgroup_id(skb));
}
That information is not available on ingress. From the BPF helpers documentation:
This helper can be used on TC egress path, but not on ingress, and is available only if the kernel compiled with the
CONFIG_SOCK_CGROUP_DATAconfiguration option.