On 2/15/2023 4:30 PM, Shibin Koikkara Reeny wrote: > Integrate support for the AF_XDP CNI and device plugin [1] so that the > DPDK AF_XDP PMD can work in an unprivileged container environment. > Part of the AF_XDP PMD initialization process involves loading > an eBPF program onto the given netdev. This operation requires > privileges, which prevents the PMD from being able to work in an > unprivileged container (without root access). The plugin CNI handles > the program loading. CNI open Unix Domain Socket (UDS) and waits > listening for a client to make requests over that UDS. The client(DPDK) > connects and a "handshake" occurs, then the File Descriptor which points > to the XSKMAP associated with the loaded eBPF program is handed over > to the client. The client can then proceed with creating an AF_XDP > socket and inserting the socket into the XSKMAP pointed to by the > FD received on the UDS. > > A new vdev arg "use_cni" is created to indicate user wishes to run > the PMD in unprivileged mode and to receive the XSKMAP FD from the CNI. > When this flag is set, the XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD libbpf flag > should be used when creating the socket, which tells libbpf not to load the > default libbpf program on the netdev. We tell libbpf not to do this because > the loading is handled by the CNI in this scenario. > > Patch include howto doc explain how to configure AF_XDP CNI to > working with DPDK. > > [1]: https://github.com/intel/afxdp-plugins-for-kubernetes > > Signed-off-by: Shibin Koikkara Reeny <shibin.koikkara.re...@intel.com>
Keeping tags from previous version, since change is only in documentation I believe they are still valid, please let me know if not, I can drop them in next-net: Tested-by: Anatoly Burakov <anatoly.bura...@intel.com> Reviewed-by: Qi Zhang <qi.z.zh...@intel.com> Acked-by: John McNamara <john.mcnam...@intel.com> Acked-by: Ferruh Yigit <ferruh.yi...@amd.com> Applied to dpdk-next-net/main, thanks.
