On Tue, Dec 13, 2022 at 10:47:46AM +0000, Koikkara Reeny, Shibin wrote: > From: Shibin Koikkara Reeny <shibin.koikkara.re...@intel.com> > > Integrate support for the AF_XDP CNI and device plugin so that the > DPDK AF_XDP PMD can work in an unprivileged container environment. > Part of the AF_XDP PMD initialization process involves loading > an eBPF program onto the given netdev. This operation requires > privileges, which prevents the PMD from being able to work in an > unprivileged container (without root access). The plugin CNI handles > the program loading. CNI open Unix Domain Socket (UDS) and waits > listening for a client to make requests over that UDS. The client(DPDK) > connects and a "handshake" occurs, then the File Descriptor which points > to the XSKMAP associated with the loaded eBPF program is handed over > to the client. The client can then proceed with creating an AF_XDP > socket and inserting the socket into the XSKMAP pointed to by the > FD received on the UDS. > > A new vdev arg "use_cni" is created to indicate user wishes to run > the PMD in unprivileged mode and to receive the XSKMAP FD from the CNI. > When this flag is set, the XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD libbpf flag > should be used when creating the socket, which tells libbpf not to load the > default libbpf program on the netdev. We tell libbpf not to do this because > the loading is handled by the CNI in this scenario. > > Signed-off-by: Shibin Koikkara Reeny <shibin.koikkara.re...@intel.com> > --- > drivers/net/af_xdp/rte_eth_af_xdp.c | 337 +++++++++++++++++++++++++++- > 1 file changed, 325 insertions(+), 12 deletions(-) > Hi Shibhin,
this support sounds really interesting, but I think the patch needs to include documentation updates on how to set up and use this feature. No need to duplicate instructions that may be already given in the CNI/plugin docs, but we need to at least reference those from our docs to ensure end users can quickly find out how to work with this. Thanks, /Bruce
