blob: 44788ca0d803b798842674b571246dc935834234 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
Prerequisites:
--------------
Python >=3.3
dnspython >=2.2.0
python3-psutil
dnssec-signzone
dnssec-keygen
dnssec-verify
ldnsutils
Bind >= 9.11
lsof
gawk
objdump
(valgrind)
(gdb)
Python modules:
---------------
To install necessary Python modules using pip, run:
$ pip install -r requirements.txt
Optional loopback addresses configuration:
------------------------------------------
# for i in {1..64}; do sudo ip address add 127.0.1.$i/32 dev lo; done
# for i in {1..64}; do sudo ip address add ::1$i/128 dev lo; done
Ubuntu:
-------
Disable apparmor protection for system Bind:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.named
or
$ sudo ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
$ sudo /etc/init.d/apparmor restart
Allow ptrace:
# echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
or
# vim /etc/sysctl.d/10-ptrace.conf
# kernel.yama.ptrace_scope = 0
XDP:
----
XDP testing with Valgrind requires running under root. Testing with ASAN is
possible if lsof has two following capabilities:
$ sudo setcap "CAP_SYS_PTRACE,CAP_DAC_OVERRIDE+ep" `which lsof`
And knotd has set:
$ sudo setcap "CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_ADMIN,CAP_IPC_LOCK,CAP_SYS_PTRACE+ep" `readlink -f ../src/knotd`
Tcpdump:
--------
$ sudo setcap "CAP_NET_RAW+ep" `which tcpdump`
|
