On 2/9/2023 12:05 PM, Shibin Koikkara Reeny wrote: > Integrate support for the AF_XDP CNI and device plugin [1] so that the > DPDK AF_XDP PMD can work in an unprivileged container environment. > Part of the AF_XDP PMD initialization process involves loading > an eBPF program onto the given netdev. This operation requires > privileges, which prevents the PMD from being able to work in an > unprivileged container (without root access). The plugin CNI handles > the program loading. CNI open Unix Domain Socket (UDS) and waits > listening for a client to make requests over that UDS. The client(DPDK) > connects and a "handshake" occurs, then the File Descriptor which points > to the XSKMAP associated with the loaded eBPF program is handed over > to the client. The client can then proceed with creating an AF_XDP > socket and inserting the socket into the XSKMAP pointed to by the > FD received on the UDS. > > A new vdev arg "use_cni" is created to indicate user wishes to run > the PMD in unprivileged mode and to receive the XSKMAP FD from the CNI. > When this flag is set, the XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD libbpf flag > should be used when creating the socket, which tells libbpf not to load the > default libbpf program on the netdev. We tell libbpf not to do this because > the loading is handled by the CNI in this scenario. > > Patch include howto doc explain how to configure AF_XDP CNI to > working with DPDK. > > [1]: https://github.com/intel/afxdp-plugins-for-kubernetes > > Signed-off-by: Shibin Koikkara Reeny <shibin.koikkara.re...@intel.com>
btw, it is just a detail but if you will send a new version, can you please fix the patch title to remove the duplicated "af_xdp", it can be something like: net/af_xdp: support CNI integration
