<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">Hi Shibin<br>
      <br>
      No problem. <br>
      <br>
      Answer below.<br>
      <br>
      BR<br>
      Maryam<br>
    </div>
    <div class="moz-cite-prefix">On 30/11/2023 13:56, Koikkara Reeny,
      Shibin wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:DM6PR11MB3995A6E5195D52EB3559E4B9A282A@DM6PR11MB3995.namprd11.prod.outlook.com">
      <pre class="moz-quote-pre" wrap="">Hi Maryam,

I have one more question.

Regards,
Shibin

</pre>
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap="">-----Original Message-----
From: Koikkara Reeny, Shibin <a class="moz-txt-link-rfc2396E" href="mailto:shibin.koikkara.reeny@intel.com"><shibin.koikkara.reeny@intel.com></a>
Sent: Thursday, November 30, 2023 12:14 PM
To: Tahhan, Maryam <a class="moz-txt-link-rfc2396E" href="mailto:mtahhan@redhat.com"><mtahhan@redhat.com></a>; <a class="moz-txt-link-abbreviated" href="mailto:ferruh.yigit@amd.com">ferruh.yigit@amd.com</a>;
<a class="moz-txt-link-abbreviated" href="mailto:stephen@networkplumber.org">stephen@networkplumber.org</a>; <a class="moz-txt-link-abbreviated" href="mailto:lihuisong@huawei.com">lihuisong@huawei.com</a>;
<a class="moz-txt-link-abbreviated" href="mailto:fengchengwen@huawei.com">fengchengwen@huawei.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:liuyonglong@huawei.com">liuyonglong@huawei.com</a>
Cc: <a class="moz-txt-link-abbreviated" href="mailto:dev@dpdk.org">dev@dpdk.org</a>; Tahhan, Maryam <a class="moz-txt-link-rfc2396E" href="mailto:mtahhan@redhat.com"><mtahhan@redhat.com></a>
Subject: RE: [v1] net/af_xdp: enable a sock path alongside use_cni

Hi Maryam,

I have added some suggestion below.

Regrads,
Shibin</pre>
      </blockquote>
    </blockquote>
    <br>
    <pre class="moz-quote-pre" wrap=""><span style="white-space: normal">[snip]</span></pre>
    <blockquote type="cite"
cite="mid:DM6PR11MB3995A6E5195D52EB3559E4B9A282A@DM6PR11MB3995.namprd11.prod.outlook.com">
      <blockquote type="cite">
        <pre class="moz-quote-pre" wrap=""><span
        style="white-space: normal">
</span></pre>
        <blockquote type="cite">
          <pre class="moz-quote-pre" wrap="">
 Prerequisites
@@ -224,7 +225,6 @@ Howto run dpdk-testpmd with CNI plugin:
           capabilities:
              add:
                - CAP_NET_RAW
-               - CAP_BPF
</pre>
        </blockquote>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">
Why the CAP_BPF is removed?</pre>
    </blockquote>
    <p><br>
    </p>
    <p>Good question. It's removed because in our case CAP_BPF is only
      needed when we want to load or unload the XDP program on the
      interface inside the Pod. In our case the CNI is loading the xdp
      program on the interface and then we are doing a handshake to get
      the xskmap file descriptor and so we don't need the CAP_BPF. <br>
      <br>
      You will find a detailed listing of the permissions used at
      different stages when utilizing an XDP prog in this article
      <a class="moz-txt-link-freetext" href="https://next.redhat.com/2023/07/18/using-ebpf-in-unprivileged-pods/">https://next.redhat.com/2023/07/18/using-ebpf-in-unprivileged-pods/</a>
      <br>
      <br>
      I'm currently also working on enabling pinned map sharing with the
      af_xdp vdev eal arguments so we can integrate with bpfman for
      centralized BPF program lifecycle management [currently under
      test]. <br>
    </p>
    <span style="white-space: normal">[snip]</span>
  </body>
</html>