-
Notifications
You must be signed in to change notification settings - Fork 921
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dnsdist: Added XDP middleware for dropped/redirected queries logging #11020
Conversation
I saw that @rgacogne added a type to |
I briefly tested adding it back and the program loaded fine, but perhaps it fails after the startup? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great, thanks! The indentation in the ebpf.src files could be improved (we have a .clang-format at the root of the repo that might help) but that's not a blocker for me.
Just adapted the indentation, I was in a hurry and did not took the time to fix this before.
It was failing at the python script startup, maybe it is a problem on our side |
Thanks for fixing the indentation!
Actually that's my fault, you can't specify the underlying type of an enum in C, I guess I'm too used to C++11 these days, and my compiler somehow allows that.. |
Could you tell me how you converted your .ebpf.src files to .ebpf ? I am trying to switch from Python to C++ to load the logging middleware as Python is not fast enough to pull the event perf buffer under high load, so events get dropped. |
The easiest way for you, since you are already using xdp = BPF(src_file="xdp-filter.ebpf.src")
newFile = open ("/tmp/ebpf.bin", "wb")
dump = xdp.dump_func("xdp_dns_filter")
newFile.write(dump)
newFile.close() In dnsdist I did not want to commit a huge binary blob, especially since we have to update the file descriptors in that blob to match the one linked to eBPF maps, so I used this script (which doesn't cover all functions but would be easy to update) to get the eBPF code in a more easy to understand form: https://coredump.fr/static/powerdns/reverse.py |
If you try to use that script, |
8d3b785
to
7e4692d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rebased on master to fix conflicts, looks good to me!
Short description
According to this issue #11009, this pull request add the possibility to load user-defined XDP function when performing TC or DROP action. This allow the user to log the queries even if they do not reach libpcap.
I added a custom XDP filter and a Python script to load it and output information about dropped/tc packets
Checklist
I have: