How to run AF_XDP program without root privileges?

[Baruch-Fridman]

I want to run a userspace program to create AF_XDP socket and receive packet through this socket, but withput "sudo" and/or sysadmin capillitia. It is possible? I tried this https://github.com/xdp-project/xdp-tools/issues/320#issuecomment-1542338789 https://next.redhat.com/2023/07/18/using-ebpf-in-unprivileged-pods/ solution on ubuntu 22.04 kernel v6.5 but it doesn't work. any idea?

[tohojo]

Baruch-Fridman @.***> writes:

I want to run a userspace program to create AF_XDP socket and receive packet through this socket, but withput "sudo" and/or sysadmin capillitia. It is possible?

Not natively, no. Using AF_XDP requires loading an XDP program, which is a privileged operation. There have been various attempts at creating a policy daemon that can do this on behalf of applications, but I don't believe any of them have really matured yet...

[Baruch-Fridman]

Baruch-Fridman @.***> writes: I want to run a userspace program to create AF_XDP socket and receive packet through this socket, but withput "sudo" and/or sysadmin capillitia. It is possible? Not natively, no. Using AF_XDP requires loading an XDP program, which is a privileged operation. There have been various attempts at creating a policy daemon that can do this on behalf of applications, but I don't believe any of them have really matured yet...

Thanks I found this https://www.spinics.net/lists/netdev/msg705394.html, but I haven't actually checked yet. here is an example https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/tests/test_xsk_non_privileged.c and also here https://github.com/xdp-project/bpf-examples/blob/5343ed3377471c7b7ef2237526c8bdc0f00a0cef/AF_XDP-example/xdpsock.c#L1172