Set default BPFFS path and update XSKMAP documentation

nsd.conf.5.in

@@ -593,23 +593,27 @@ The eBPF XDP program to extract the XSKMAP from. Specify your own program here,
 if you want to use a custom XDP program. The default program shipped with NSD
 only redirects UDP (over Ethernet[+VLAN]+IPv4/6) traffic to port 53.
 When using your own XDP program, it needs to define a BPF_MAP_TYPE_XSKMAP
-named "xsks_map" and pin it (see \fBxdp-bpffs-path\fR) with read and write
-permission for NSD.
+named "xsks_map".
 .IP
 This option needs to be set, even when NSD is configured not to load the
 specified XDP program (see \fBxdp-program-load\fR), to be able to determine the
-XSKMAP structure. Default is "@sharedfilesdir@/xdp-dns-redirect_kern.o".
+XSKMAP structure. In this case your XDP program needs to pin the above
+mentioned map in a bpffs (see \fBxdp-bpffs-path\fR).
+.IP
+Default is "@sharedfilesdir@/xdp-dns-redirect_kern.o".
 .TP
 .B xdp\-program\-load:\fR <yes or no>
 Specify whether NSD should load the XDP program. If set to no, you need
 to load the XDP program yourself. Default is yes, if xdp-interface is set.
 .TP
 .B xdp\-bpffs\-path:\fR <string>
-The path to the bpffs to store/read the xsks_map pin. NSD needs to have
-read/write access to the specified bpffs. The default of libbpf (/sys/fs/bpf)
-usually doesn't have the necessary permissions set for non-root users.
-Either set the necessary permissions or mount your own bpffs.
-Default is "", letting libbpf decide the default path.
+The path to the bpffs to store/read the xsks_map pin. If NSD loads an XDP
+program that specifies to pin its map, you will have to unlink the map yourself
+when exiting NSD, as NSD won't be able to unpin the map after dropping
+privileges. Alternatively, you could mount a custom bpffs and allow the nsd
+user to delete files in that directory.
+.IP
+Default is "/sys/fs/bpf".
 .\" xdpend
 .SS "Remote Control"
 The

options.c

@@ -163,7 +163,7 @@ nsd_options_create(region_type* region)
 	opt->xdp_interface = NULL;
 	opt->xdp_program_path = SHAREDFILESDIR"/xdp-dns-redirect_kern.o";
 	opt->xdp_program_load = 1;
-	opt->xdp_bpffs_path = NULL;
+	opt->xdp_bpffs_path = "/sys/fs/bpf";
 #endif
 
 	opt->verify_enable = 0;

xdp-server.c

@@ -282,11 +282,7 @@ static int load_xdp_program_and_map(struct xdp_server *xdp) {
 		char map_path[PATH_MAX];
 		int fd;
 
-		if (xdp->bpf_bpffs_path)
-			snprintf(map_path, PATH_MAX, "%s/%s", xdp->bpf_bpffs_path, "xsks_map");
-		else
-			/* document this behaviour, as the current documentation states that bpffs path is chosen by libbpf */
-			snprintf(map_path, PATH_MAX, "%s", "/sys/fs/bpf/xsks_map");
+		snprintf(map_path, PATH_MAX, "%s/%s", xdp->bpf_bpffs_path, "xsks_map");
 
 		fd = bpf_obj_get(map_path);
 		if (fd < 0) {
@@ -507,7 +503,13 @@ int xdp_server_cleanup(struct xdp_server *xdp) {
 	if (xdp->bpf_prog_should_load) {
 		if (xdp->xsk_map && bpf_map__is_pinned(xdp->xsk_map)) {
 			if (bpf_map__unpin(xdp->xsk_map, NULL)) {
-				log_msg(LOG_ERR, "xdp: failed to unpin bpf map during cleanup: \"%s\"\n",
+				/* We currently ship an XDP program that doesn't pin the map. So
+				 * if this error happens, it is because the user specified their
+				 * custom XDP program to load by NSD. Therefore they should know
+				 * about the pinned map and be able to unlink it themselves.
+				 */
+				log_msg(LOG_ERR, "xdp: failed to unpin bpf map during cleanup: \"%s\". "
+				        "This is usually ok, but you need to unpin the map yourself.\n",
 				        strerror(errno));
 				ret = -1;
 			}