How to run AF_XDP program without root privileges?

[Baruch-Fridman]

I want to run a userspace program to create AF_XDP socket and receive packet through this socket, but withput "sudo" and/or sysadmin capillitia.
It is possible?
I tried this xdp-project/xdp-tools#320 (comment) https://next.redhat.com/2023/07/18/using-ebpf-in-unprivileged-pods/ solution on ubuntu 22.04 kernel v6.5 but it doesn't work.
any idea?

[tohojo]

Baruch-Fridman ***@***.***> writes:

I want to run a userspace program to create AF_XDP socket and receive packet through this socket, but withput "sudo" and/or sysadmin capillitia. It is possible?

Not natively, no. Using AF_XDP requires loading an XDP program, which is a privileged operation. There have been various attempts at creating a policy daemon that can do this on behalf of applications, but I don't believe any of them have really matured yet...

[Baruch-Fridman]

Baruch-Fridman @.***> writes:
I want to run a userspace program to create AF_XDP socket and receive packet through this socket, but withput "sudo" and/or sysadmin capillitia. It is possible?
Not natively, no. Using AF_XDP requires loading an XDP program, which is a privileged operation. There have been various attempts at creating a policy daemon that can do this on behalf of applications, but I don't believe any of them have really matured yet...

Thanks
I found this https://www.spinics.net/lists/netdev/msg705394.html, but I haven't actually checked yet.
here is an example https://github.com/xdp-project/xdp-tools/blob/master/lib/libxdp/tests/test_xsk_non_privileged.c
and also here

bpf-examples/AF_XDP-example/xdpsock.c

Line 1172 in 5343ed3

" -R, --reduce-cap Use reduced capabilities (cannot be used with -M)\n"