[dnsdist] eBPF filtering

Remi Gacogne remi.gacogne at powerdns.com
Mon Nov 4 13:31:29 UTC 2024


Hello Aleš,

On 31/10/2024 10:11, Aleš Rygl via dnsdist wrote:
> Would it be possible that the entry for eBPF block somehow persisted in 
> the kernel and was not deleted for some reason?

It is likely that eBPF blocks sometimes linger a bit longer than you 
might expect: for performance reasons we are only removing eBPF entries 
from the map every "setDynBlocksPurgeInterval" seconds (default is 60s). 
But they should not remain longer than that, no, if they are it's a bug.

> Is it possible to list somehow the eBPF objects manually?

Running bpf:getStats() from the console should return all entries. It 
gets the list from the kernel so it should even see entries that it did 
not expect to find.
You can also see them with bpftool:
- sudo bpftool map will return all BPF maps in the system. The ones 
created by dnsdist will have "pids dnsdist", and the one keeping IPv4 
entries has a 4B key ("key 4B"). Note the ID of the map then
- sudo bpftool map dump id <ID> will give you the content of the map

For example here:

$ sudo bpftool map
36: hash  flags 0x0
	key 4B  value 8B  max_entries 1024  memlock 84480B
	pids dnsdist(28366)
37: hash  flags 0x0
	key 16B  value 8B  max_entries 1024  memlock 92800B
	pids dnsdist(28366)
38: hash  flags 0x0
	key 255B  value 16B  max_entries 1024  memlock 350720B
	pids dnsdist(28366)
39: prog_array  flags 0x0
	key 4B  value 4B  max_entries 1  memlock 272B
	owner_prog_type socket_filter  owner jited
	pids dnsdist(28366)

The one I want has ID 36, so:

$ sudo bpftool  map dump id 36
key: 01 02 00 c0  value: 00 00 00 00 00 00 00 00
Found 1 element

It has only one entry, whose key is the IPv4 in network byte order, so 
192.0.2.1.

> What happens if there are active eBPF blocks and dnsdist is restarted 
> (or dies)? Are all of them cleared from the kernel-space?

Yes, they are cleared. Unless you explicitly ask dnsdist to pin the maps 
to a filesystem path (see the "ipv4PinnedPath" parameters of 
"newBPFFilter", for example) which makes them persistent across restarts.

Hope that helps,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
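
The bpftool steps described in the message above, as an added example that is not part of the original post and is not dnsdist code: it selects the dnsdist hash map with a 4B key from the `bpftool map` listing and decodes the keys of a plain hex `bpftool map dump`. The function names are hypothetical, the embedded sample output is copied from the message, and the byte order follows the message's own reading of `01 02 00 c0` as 192.0.2.1.

```python
import ipaddress
import re

# Output copied from the message above (map IDs and PID are from that host).
MAP_LIST = """\
36: hash  flags 0x0
\tkey 4B  value 8B  max_entries 1024  memlock 84480B
\tpids dnsdist(28366)
37: hash  flags 0x0
\tkey 16B  value 8B  max_entries 1024  memlock 92800B
\tpids dnsdist(28366)
38: hash  flags 0x0
\tkey 255B  value 16B  max_entries 1024  memlock 350720B
\tpids dnsdist(28366)
39: prog_array  flags 0x0
\tkey 4B  value 4B  max_entries 1  memlock 272B
\towner_prog_type socket_filter  owner jited
\tpids dnsdist(28366)
"""
MAP_DUMP = """\
key: 01 02 00 c0  value: 00 00 00 00 00 00 00 00
Found 1 element
"""

def find_dnsdist_maps(listing, key_size=4):
    """IDs of hash maps held by a dnsdist process with a key of key_size bytes."""
    ids = []
    # A map entry starts with "<id>: <type>" in column 0; detail lines are indented.
    for block in re.split(r"(?m)^(?=\d+: )", listing):
        head = re.match(r"(\d+): (\w+)", block)
        # Requiring type "hash" skips map 39 (prog_array), which also has a 4B key.
        if (head and head.group(2) == "hash"
                and re.search(rf"\bkey {key_size}B\b", block)
                and re.search(r"\bpids .*\bdnsdist\(", block)):
            ids.append(int(head.group(1)))
    return ids

def decode_ipv4_keys(dump):
    """(address, raw value hex) for each 4-byte key in a plain hex dump."""
    entries = []
    pattern = r"(?m)^key:((?: [0-9a-f]{2}){4})\s+value:((?: [0-9a-f]{2})+)"
    for m in re.finditer(pattern, dump):
        # Byte order follows the message: 01 02 00 c0 is read as 192.0.2.1.
        addr = ipaddress.IPv4Address(int.from_bytes(bytes.fromhex(m.group(1)), "little"))
        entries.append((str(addr), m.group(2).strip()))
    return entries

if __name__ == "__main__":
    print(find_dnsdist_maps(MAP_LIST), decode_ipv4_keys(MAP_DUMP))
```

Comparing the decoded addresses against the blocks dnsdist itself reports is a quick way to spot an entry that outlived the purge interval.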