eBPF functions and objects

These are all the functions, objects and methods related to the eBPF Socket Filtering.

addBPFFilterDynBlocks(addresses, dynbpf[[, seconds=10], msg])

This is the eBPF equivalent of addDynBlocks(), blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter. The default number of seconds to block for is 10.

  • addresses – set of Addresses as returned by an exceed function
  • dynbpf (DynBPFFilter) – The dynamic eBPF filter to use
  • seconds (int) – The number of seconds this block to expire
  • msg (str) – A message to display while inserting the block
newBPFFilter(maxV4, maxV6, maxQNames) → BPFFilter
newBPFFilter(v4Parameters, v6Parameters, qnamesParameters) → BPFFilter

Changed in version 1.7.0: This function now supports a table for each parameters, and the ability to use pinned eBPF maps.

Return a new eBPF socket filter with a maximum of maxV4 IPv4, maxV6 IPv6 and maxQNames qname entries in the block tables. Maps can be pinned to a filesystem path, which makes their content persistent across restarts and allows external programs to read their content and to add new entries. dnsdist will try to load maps that are pinned to a filesystem path on startups, inheriting any existing entries, and fall back to creating them if they do not exist yet. Note that the user dnsdist is running under must have the right privileges to read and write to the given file, and to go through all the directories in the path leading to that file. The pinned path must be on a filesystem of type BPF, usually below /sys/fs/bpf/.

  • maxV4 (int) – Maximum number of IPv4 entries in this filter
  • maxV6 (int) – Maximum number of IPv6 entries in this filter
  • maxQNames (int) – Maximum number of QName entries in this filter
  • v4Params (table) – A table of options for the IPv4 filter map, see below
  • v6Params (table) – A table of options for the IPv6 filter map, see below
  • qnameParams (table) – A table of options for the qnames filter map, see below


  • maxItems: int - The maximum number of entries in a given map. Default is 0 which will not allow any entry at all.
  • pinnedPath: str - The filesystem path this map should be pinned to.
newDynBPFFilter(bpf) → DynBPFFilter

Return a new dynamic eBPF filter associated to a given BPF Filter.

Parameters:bpf (BPFFilter) – The underlying eBPF filter

When used at configuration time, the corresponding BPFFilter will be attached to every bind.

Parameters:filter (BPFFilter) – The filter to attach
Register a DynBPFFilter filter so that it appears in the web interface and the API.
Parameters:dynbpf (DynBPFFilter) – The dynamic eBPF filter to register
Remove a DynBPFFilter filter from the web interface and the API.
Parameters:dynbpf (DynBPFFilter) – The dynamic eBPF filter to unregister
class BPFFilter

Represents an eBPF filter


Attach this filter to every bind already defined. This is the run-time equivalent of setDefaultBPFFilter()


Block this address

Parameters:address (ComboAddress) – The address to block
:blockQName(name[, qtype=255])

Block queries for this exact qname. An optional qtype can be used, defaults to 255.

  • name (DNSName) – The name to block
  • qtype (int) – QType to block

Print the block tables.


Unblock this address.

Parameters:address (ComboAddress) – The address to unblock
:unblockQName(name[, qtype=255])

Remove this qname from the block list.

  • name (DNSName) – the name to unblock
  • qtype (int) – The qtype to unblock
class DynBPFFilter

Represents an dynamic eBPF filter, allowing the use of ephemeral rules to an existing eBPF filter. Note that since 1.6.0 the default BPF filter set via setDefaultBPFFilter() will automatically be used by a DynBlockRulesGroup, becoming the preferred way of dealing with ephemeral rules.


Remove the expired ephemeral rules associated with this filter.


Exclude this range, or list of ranges, meaning that no dynamic block will ever be inserted for clients in that range. Default to empty, meaning rules are applied to all ranges. When used in combination with DynBPFFilter:includeRange(), the more specific entry wins.

Parameters:netmasks (int) – A netmask, or list of netmasks, as strings, like for example “”

Include this range, or list of ranges, meaning that rules will be applied to this range. When used in combination with DynBPFFilter:excludeRange(), the more specific entry wins.

Parameters:netmasks (int) – A netmask, or list of netmasks, as strings, like for example “”