I want to run a userspace program to create AF_XDP socket and receive packet through this socket, But I must to use "sudo" to start my userspace program to load a kernelspace XDP filter program and create a MUM and AF_XDP socket with libbpf library now.
I want to know How to start userspace program which dont need "sudo" everytimes to receive packets?
Please give me some advice!!
Thanks a lot!!!

Hello @wshwb

So you will need to separate the loading of the XDP program (privileged op) for AF_XDP from the socket creation part (unprivileged op).

so you can use xdp-loader to load your xdp program attach it to your netdev and pin your xskmap.

and then leverage the XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD in your program that creates the af_xdp socket and retrieve the xskmap fd using bpf_obj_get()

note: for an unprivileged process to use the xsk_map you will need to pin the map to a bpffs in a location other than: /sys/fs/bpf...

create a custom bpffs using:
mount bpffs <dir_path> -t bpf

make it shared
mount --make-shared <dir_path>

For references please see:

• CloudNativeDataPlane/cndp#283
• https://github.com/CloudNativeDataPlane/cndp/blob/main/lib/core/xskdev/xskdev.c#L862
• redhat-et/afxdp-network-operator#3

Thank you very much! @maryamtahhan

1. I have receive a simple and temporary solution xdp-project/xdp-tutorial#361 (comment) and I tried in advanced03-AF_XDP , it is really worked, So your advice is more general way, and I believe it works better. I will try in the future.
2. I found LDLIBRARY_PATH will fail if I set capability to my executable program, and I found another way to set dylink path in linux which is set -rpath in gcc.