Conventional cloud network virtualization sends packets through multiple guest and host layers, inflating CPU cost and tail latency. Shared host datapaths collapse this layering into one optimized path across tenants, but existing shared stacks are fixed-function: tenants cannot specialize their protocols. eBPF is the natural vehicle for restoring programmability to a shared datapath, but today's extensions are hook-sized, and its verifier provides safety, not performance isolation: one tenant's per-packet work can inflate every other tenant's tail latency. Chamelio is a programmable shared network stack that lets tenants implement full protocols through a bounded eBPF fast path and a tenant slow path, while approaching the performance and preserving the strong isolation of fixed shared stacks. It combines three ideas: a shared-stack architecture for tenant-defined protocols; joint optimization of tenant handlers with provider infrastructure and co-resident tenants in the shared fast path; and a bounded fast-path contract with runtime cycle accounting that keeps tenant programmability compatible with strong performance isolation. A tenant-programmable TCP on Chamelio reaches 9.2 Mreq/s, matching the hand-tuned TAS stack; joint compilation shrinks the programmability tax from 23.9% to 3.8%; and under a scaling TCP adversary that drives uninstrumented stacks to 154 microseconds, Chamelio bounds victim tail latency at 46 microseconds.