
[QUESTION] Can I implement NAT with bpftime in a non-privileged container?

Open Charlie17Li opened this issue 1 year ago • 3 comments

For traditional eBPF, I can implement NAT with XDP/tc, but these ways always require "root".

I want to know if I can implement NAT with bpftime in a non-privileged container.

Thanks for developing this exciting project.

Charlie17Li avatar Jul 31 '24 09:07 Charlie17Li

For traditional eBPF, I can implement NAT with XDP/tc, but these ways always require "root".

I want to know if I can implement NAT with bpftime in a non-privileged container.

Thanks for developing this exciting project.

We don't support network-related features yet; currently we only support uprobe and syscall trace.

But maybe using uprobes to hook syscall functions like socket, write, and read would work, but we haven't tested it yet.

Officeyutong avatar Aug 01 '24 12:08 Officeyutong

We have examples using DPDK, or possibly using AF_XDP, to run the network functions in XDP.

So part of the answer is yes, bpftime can help deploy this NAT to userspace.

But DPDK and AF_XDP still need root access.

yunwei37 avatar Aug 06 '24 14:08 yunwei37

You can find some code here and we will release more later: https://github.com/eunomia-bpf/XDP-eBPF-in-DPDK

yunwei37 avatar Aug 09 '24 06:08 yunwei37