[dnsdist] eBPF filtering
Remi Gacogne
remi.gacogne at powerdns.com
Mon Nov 4 13:31:29 UTC 2024
Hello Aleš,
On 31/10/2024 10:11, Aleš Rygl via dnsdist wrote:
> Would it be possible that the entry for eBPF block somehow persisted in
> the kernel and was not deleted for some reason?
It is likely that eBPF blocks sometimes linger a bit longer than you
might expect: for performance reasons we are only removing eBPF entries
from the map every "setDynBlocksPurgeInterval" seconds (default is 60s).
But they should not remain longer than that, no, if they are it's a bug.
> Is it possible to list somehow the eBPF objects manually?
Running bpf:getStats() from the console should return all entries. It
gets the list from the kernel so it should even see entries that it did
not expect to find.
You can also see them with bpftool:
- sudo bpftool map will return all BPF maps in the system. The ones
created by dnsdist will have "pids dnsdist", and the one keeping IPv4
entries has a 4B key ("key 4B"). Note the ID of the map then
- sudo bpftool map dump id <ID> will give you the content of the map
For example here:
$ sudo bpftool map
36: hash flags 0x0
    key 4B value 8B max_entries 1024 memlock 84480B
    pids dnsdist(28366)
37: hash flags 0x0
    key 16B value 8B max_entries 1024 memlock 92800B
    pids dnsdist(28366)
38: hash flags 0x0
    key 255B value 16B max_entries 1024 memlock 350720B
    pids dnsdist(28366)
39: prog_array flags 0x0
    key 4B value 4B max_entries 1 memlock 272B
    owner_prog_type socket_filter owner jited
    pids dnsdist(28366)
The one I want has ID 36, so:
$ sudo bpftool map dump id 36
key: 01 02 00 c0 value: 00 00 00 00 00 00 00 00
Found 1 element
It has only one entry, whose key is the IPv4 in network byte order, so
192.0.2.1.
> What happens if there are active eBPF blocks and dnsdist is restarted
> (or dies)? Are all of them cleared from the kernel-space?
Yes, they are cleared. Unless you explicitly ask dnsdist to pin the maps
to a filesystem path (see the "ipv4PinnedPath" parameters of
"newBPFFilter", for example) which makes them persistent across restarts.
Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
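
The two bpftool steps from the message above, scripted so that leftover IPv4 block entries can be listed as addresses. This is an added example, not part of the original message and not dnsdist code. The function names are hypothetical, the sample input is copied from the message, and it assumes bpftool prints the plain hex dump format shown there.

```sh
#!/bin/sh
# Constructed sample input: the listing and dump quoted in the message above.
SAMPLE_MAPS='36: hash flags 0x0
    key 4B value 8B max_entries 1024 memlock 84480B
    pids dnsdist(28366)
37: hash flags 0x0
    key 16B value 8B max_entries 1024 memlock 92800B
    pids dnsdist(28366)
39: prog_array flags 0x0
    key 4B value 4B max_entries 1 memlock 272B
    owner_prog_type socket_filter owner jited
    pids dnsdist(28366)'
SAMPLE_DUMP='key: 01 02 00 c0 value: 00 00 00 00 00 00 00 00
Found 1 element'

# Print the IDs of hash maps with a 4-byte key that are held by dnsdist.
# Assumption: filtering on type "hash" (as map 36 is in the sample) skips
# the prog_array, which also reports "key 4B".
find_dnsdist_v4_maps() {
    awk '
        /^[0-9]+:/ { id = $1; sub(/:$/, "", id); type = $2; key4 = 0 }
        { for (i = 1; i < NF; i++) if ($i == "key" && $(i + 1) == "4B") key4 = 1 }
        $1 == "pids" && /dnsdist\(/ { if (key4 && type == "hash") print id }
    '
}

# Turn each 4-byte key of a plain-text dump into a dotted quad. The printed
# bytes are read last to first, so "01 02 00 c0" becomes 192.0.2.1.
decode_v4_keys() {
    awk '
        function hex(s,   i, n) {
            s = tolower(s); n = 0
            for (i = 1; i <= length(s); i++)
                n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
            return n
        }
        $1 == "key:" && $6 == "value:" {
            print hex($5) "." hex($4) "." hex($3) "." hex($2)
        }
    '
}

# Offline run on the samples. Live use (needs root):
#   sudo bpftool map | find_dnsdist_v4_maps
#   sudo bpftool map dump id <ID> | decode_v4_keys
printf '%s\n' "$SAMPLE_MAPS" | find_dnsdist_v4_maps   # 36
printf '%s\n' "$SAMPLE_DUMP" | decode_v4_keys         # 192.0.2.1
```

Comparing the decoded addresses against the blocks dnsdist itself reports shows whether an entry has outlived the purge interval.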