Hello Aleš,

On 31/10/2024 10:11, Aleš Rygl via dnsdist wrote:
> Would it be possible that the entry for eBPF block somehow persisted in the kernel and was not deleted for some reason?

It is likely that eBPF blocks sometimes linger a bit longer than you might expect: for performance reasons we are only removing eBPF entries from the map every "setDynBlocksPurgeInterval" seconds (default is 60s). But they should not remain longer than that, no; if they are, it's a bug.

> Is it possible to list somehow the eBPF objects manually?

Running bpf:getStats() from the console should return all entries. It gets the list from the kernel so it should even see entries that it did not expect to find.
You can also see them with bpftool:
- sudo bpftool map will return all BPF maps in the system. The ones created by dnsdist will have "pids dnsdist", and the one keeping IPv4 entries has a 4B key ("key 4B"). Note the ID of the map then.
- sudo bpftool map dump id <ID> will give you the content of the map

For example here:

$ sudo bpftool map
36: hash  flags 0x0
        key 4B  value 8B  max_entries 1024  memlock 84480B
        pids dnsdist(28366)
37: hash  flags 0x0
        key 16B  value 8B  max_entries 1024  memlock 92800B
        pids dnsdist(28366)
38: hash  flags 0x0
        key 255B  value 16B  max_entries 1024  memlock 350720B
        pids dnsdist(28366)
39: prog_array  flags 0x0
        key 4B  value 4B  max_entries 1  memlock 272B
        owner_prog_type socket_filter  owner jited
        pids dnsdist(28366)

The one I want has ID 36, so:

$ sudo bpftool  map dump id 36
key: 01 02 00 c0  value: 00 00 00 00 00 00 00 00
Found 1 element

It has only one entry, whose key is the IPv4 in network byte order, so 192.0.2.1.

> What happens if there are active eBPF blocks and dnsdist is restarted (or dies)? Are all of them cleared from the kernel-space?

Yes, they are cleared. Unless you explicitly ask dnsdist to pin the maps to a filesystem path (see the "ipv4PinnedPath" parameters of "newBPFFilter", for example) which makes them persistent across restarts.

Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
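
The two bpftool steps from the message above, scripted as an added example (not part of the original message and not dnsdist code). The function names are hypothetical, the sample input is the bpftool output quoted in the message, and the key decoding follows the mapping the message gives (01 02 00 c0 -> 192.0.2.1).

```sh
#!/bin/sh
# Constructed sample input: the bpftool output quoted in the message.
sample_map_list() { cat <<'EOF'
36: hash  flags 0x0
        key 4B  value 8B  max_entries 1024  memlock 84480B
        pids dnsdist(28366)
37: hash  flags 0x0
        key 16B  value 8B  max_entries 1024  memlock 92800B
        pids dnsdist(28366)
39: prog_array  flags 0x0
        key 4B  value 4B  max_entries 1  memlock 272B
        owner_prog_type socket_filter  owner jited
        pids dnsdist(28366)
EOF
}
sample_dump() { cat <<'EOF'
key: 01 02 00 c0  value: 00 00 00 00 00 00 00 00
Found 1 element
EOF
}

# Read `bpftool map` output on stdin; print the IDs of hash maps that have a
# 4-byte key and are held by a dnsdist process (the IPv4 block map).
find_dnsdist_v4_maps() {
    awk '
        /^[0-9]+:/ { id = $1; sub(/:$/, "", id); type = $2; key4 = 0; next }
        /key 4B/   { key4 = 1 }
        /pids .*dnsdist\(/ { if (type == "hash" && key4) print id }
    '
}

# Read `bpftool map dump id <ID>` output on stdin; print one line per entry:
# "<IPv4> <raw value bytes>". Key bytes are read in reverse, per the
# message's example (assumption: every 4B key uses that same layout).
decode_v4_keys() {
    while read -r tag a b c d rest; do
        [ "$tag" = "key:" ] || continue     # skip "Found N element" and blanks
        printf '%d.%d.%d.%d' "0x$d" "0x$c" "0x$b" "0x$a"
        printf ' %s\n' "${rest#value: }"
    done
}

# Live use: sudo bpftool map | find_dnsdist_v4_maps
#           sudo bpftool map dump id <ID> | decode_v4_keys
sample_map_list | find_dnsdist_v4_maps
sample_dump | decode_v4_keys
```

Comparing the decoded list with what bpf:getStats() reports after a purge interval has passed is one way to spot an entry that has lingered in the kernel map.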
