eunomia-bpf / bpftime

Userspace eBPF runtime for Observability, Network & General Extensions Framework
https://eunomia.dev/bpftime/
MIT License
833 stars 78 forks

[QUESTION] Can I implement NAT with bpftime in no-privileged container #316

Open Charlie17Li opened 3 months ago

Charlie17Li commented 3 months ago

For traditional eBPF, I can implement NAT with XDP/tc, but these ways always require "root".

I want to know if I can implement NAT with bpftime in a non-privileged container.

Thanks for developing this exciting project.

Officeyutong commented 3 months ago

> For traditional eBPF, I can implement NAT with XDP/tc, but these ways always require "root".
>
> I want to know if I can implement NAT with bpftime in a non-privileged container.
>
> Thanks for developing this exciting project.

We don't support network-related features yet; currently we only support uprobe and syscall trace.

Maybe using uprobes to hook syscall functions like socket, write, and read would work, but we haven't tested it yet.

yunwei37 commented 3 months ago

We have examples using DPDK, or possibly using AF_XDP, to run the network functions in XDP.

So part of the answer is yes, bpftime can help deploy this NAT to userspace.

But DPDK and AF_XDP still need root access.

yunwei37 commented 3 months ago

You can find some code here and we will release more later: https://github.com/eunomia-bpf/XDP-eBPF-in-DPDK