XDP broken in kresd, since libknot 3.1
We have a problem getting a reply from Knot Resolver after we use XDP. The details are shown below:
OS: Ubuntu 21.14
kernel: 5.13.0-35-generic
network card: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (driver i40e)
knot-resolver:5.5.0-cznic.1
knot:3.1.1-cznic.1
kresd.conf
-- SPDX-License-Identifier: CC0-1.0
-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/
-- Network interface configuration
net.listen('10.0.0.2', 53, { kind = 'xdp' })
--net.listen('10.0.0.2', 53, { kind = 'dns' })
--net.listen('127.0.0.1', 853, { kind = 'tls' })
--net.listen('127.0.0.1', 443, { kind = 'doh2' })
--net.listen('::1', 53, { kind = 'dns', freebind = true })
--net.listen('::1', 853, { kind = 'tls', freebind = true })
--net.listen('::1', 443, { kind = 'doh2' })
-- Load useful modules
modules = {
    'hints > iterate', -- Allow loading /etc/hosts or custom root hints
    'stats', -- Track internal statistics
    'predict', -- Prefetch expiring/frequent records
}
-- Cache size
cache.size = 1024 * MB
kresd@service
# SPDX-License-Identifier: CC0-1.0
[Unit]
Description=Knot Resolver daemon
Documentation=man:kresd.systemd(7)
Documentation=man:kresd(8)
Wants=kres-cache-gc.service
Before=kres-cache-gc.service
Wants=network-online.target
After=network-online.target
Before=nss-lookup.target
Wants=nss-lookup.target
[Service]
Type=notify
Environment="SYSTEMD_INSTANCE=%i"
WorkingDirectory=/var/lib/knot-resolver
ExecStart=/usr/sbin/kresd -c /usr/lib/knot-resolver/distro-preconfig.lua -c /etc/knot-resolver/kresd.conf -n
ExecStopPost=/usr/bin/env rm -f "/run/knot-resolver/control/%i"
User=knot-resolver
Group=knot-resolver
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
TimeoutStopSec=10s
WatchdogSec=10s
Restart=on-abnormal
LimitNOFILE=524288
Slice=system-kresd.slice
[Install]
WantedBy=kresd.target
After we start Knot Resolver through systemctl start kresd@1.service and run dig @10.0.0.2 www.baidu.com, we cannot get a reply from Knot Resolver:
root@master-ubuntu1:~# systemctl status kresd@1.service
● kresd@1.service - Knot Resolver daemon
Loaded: loaded (/lib/systemd/system/kresd@.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2022-03-22 14:32:34 CST; 4s ago
Docs: man:kresd.systemd(7)
man:kresd(8)
Main PID: 17028 (kresd)
Tasks: 1 (limit: 629145)
Memory: 21.2M
CPU: 106ms
CGroup: /system.slice/system-kresd.slice/kresd@1.service
└─17028 /usr/sbin/kresd -c /usr/lib/knot-resolver/distro-preconfig.lua -c /etc/knot-resolver/kresd.conf -n
3月 22 14:32:34 master-ubuntu1 systemd[1]: Starting Knot Resolver daemon...
3月 22 14:32:34 master-ubuntu1 kresd[17028]: libbpf: Kernel error message: XDP program already attached
3月 22 14:32:34 master-ubuntu1 systemd[1]: Started Knot Resolver daemon.
root@master-ubuntu1:~# dig @10.0.0.2 www.baidu.com
; <<>> DiG 9.16.15-Ubuntu <<>> @10.0.0.2 www.baidu.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Edited by Vladimír Čunát