dnsdist: Document how raising LimitMEMLOCK might be needed for eBPF

diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in
index 4fdbbb4115d655ede55e358df50bc39a9a11262c..3e521f22a8a3077a403e429e08b75caa35995016 100644 (file)
--- a/pdns/dnsdistdist/dnsdist.service.in
+++ b/pdns/dnsdistdist/dnsdist.service.in
@@ -18,8 +18,10 @@ TimeoutStopSec=5
 StartLimitInterval=0
 
 # Tuning
-LimitNOFILE=16384
 TasksMax=8192
+LimitNOFILE=16384
+# Note: increasing the amount of lockable memory is required to use eBPF support
+# LimitMEMLOCK=infinity
 
 # Sandboxing
 # Note: adding CAP_SYS_ADMIN (or CAP_BPF for Linux >= 5.8) is required to use eBPF support,

diff --git a/pdns/dnsdistdist/docs/advanced/ebpf.rst b/pdns/dnsdistdist/docs/advanced/ebpf.rst
index 446a52b82def1683fc6d4500e2a925717bc9ecf5..488480406ebef17f97f690862c22d100d03aeb4e 100644 (file)
--- a/pdns/dnsdistdist/docs/advanced/ebpf.rst
+++ b/pdns/dnsdistdist/docs/advanced/ebpf.rst
@@ -67,4 +67,4 @@ Since 1.6.0, the default BPF filter set via :func:`setDefaultBPFFilter` will aut
 
 That feature might require an increase of the memory limit associated to a socket, via the sysctl setting ``net.core.optmem_max``.
 When attaching an eBPF program to a socket, the size of the program is checked against this limit, and the default value might not be enough.
-Large map sizes might also require an increase of ``RLIMIT_MEMLOCK``.
+Large map sizes might also require an increase of ``RLIMIT_MEMLOCK``, which can be done by adding ``LimitMEMLOCK=infinity`` in the systemd unit file.