From 23a6d7e5a9e8694db194d84b812bad4228934797 Mon Sep 17 00:00:00 2001 From: Zoltan Papp Date: Tue, 1 Aug 2023 12:15:45 +0200 Subject: [PATCH] Fix map reading --- client/internal/dns/forwarder/bpf_bpfeb.go | 3 ++ client/internal/dns/forwarder/bpf_bpfeb.o | Bin 6296 -> 6704 bytes client/internal/dns/forwarder/bpf_bpfel.go | 3 ++ client/internal/dns/forwarder/bpf_bpfel.o | Bin 6296 -> 6704 bytes client/internal/dns/forwarder/src/port_fwd.c | 39 +++++++++++------- .../dns/forwarder/traffic_forwarder.go | 2 +- 6 files changed, 32 insertions(+), 15 deletions(-) diff --git a/client/internal/dns/forwarder/bpf_bpfeb.go b/client/internal/dns/forwarder/bpf_bpfeb.go index 1fe1fd6e0..9ab731d9b 100644 --- a/client/internal/dns/forwarder/bpf_bpfeb.go +++ b/client/internal/dns/forwarder/bpf_bpfeb.go @@ -61,6 +61,7 @@ type bpfProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfMapSpecs struct { + XdpIpMap *ebpf.MapSpec `ebpf:"xdp_ip_map"` XdpPortMap *ebpf.MapSpec `ebpf:"xdp_port_map"` } @@ -83,11 +84,13 @@ func (o *bpfObjects) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfMaps struct { + XdpIpMap *ebpf.Map `ebpf:"xdp_ip_map"` XdpPortMap *ebpf.Map `ebpf:"xdp_port_map"` } func (m *bpfMaps) Close() error { return _BpfClose( + m.XdpIpMap, m.XdpPortMap, ) } diff --git a/client/internal/dns/forwarder/bpf_bpfeb.o b/client/internal/dns/forwarder/bpf_bpfeb.o index 5c31177e5050ba9926233d087d6744ac927fc237..f18f85af73610b5b48343a3fda87f8718c2fe490 100644 GIT binary patch literal 6704 zcmb_gU1(fc9Y1$6+hnclCf&x33UX4~GO6w4YpbEP-89%Wg<^+p3SCidCNnpgA(NTu z+&k^mb=@F-1lfmuS?Pmd$|?l$p$`j*3N{bI21M+`B6$$0AQ)D`yloI6{(k3Ua&p?B zf(PzB|KI=n{LjZdGjCqL`bsJlh;|FaN1z=>TLPkYTcL6D?h!#>x1!sxKG`M}@m&pr z)oD%i3eiIX1mtViXyFu10qx_}io(ewuF~Iw9ZP-Q8Z53U;p!u|F$J9S-^9DXVG- zaid#gsp-r8{B1ok-j}KWL>=qo?zO@#P5%#mU!p}><&AN@pzX~(9b8Y0` zVe~!z{N;~Pig?4~v+Tb&CUsb*^a47w1p`78m4~b63UReyomzKJ6>Dgs^y?p?_TzFhB-M3q1r~ zz?~=*S&B^sv}XY4Am^@wzo3fV?7$#4v;_Z~h8_p~Jws1}{-L24LI2dy%b?$5K(tQK zzchI;KS?Ggj;v?Vy^kLJ;I~!>y#)Tf$yK>AMMGZcW1oNl8s`$K>0u8~z!}CQjzabo z^oY-veibj$67<&$Jq~)#(9@tfUg|7@e#7`>$2dzKe#eZDIsM4UcydtpT_a--KQlCr zhx7vo*;sn)p7cXw_X05OHjJF}rp!91tsB?yr|@8S>E9VW&_V+L+4$jlfGGXp^Ew8g z-Ye*-Yjzalr~l#TsQqJf)Sl9G`XlI=P{N$1D*mox3sN&r(vWRx+pB^7CS_88-&Y)k39N zj0R`QNjx}nH;Ljq`Fgel+eVZ$8&w&GGh~H@S~X7c)g&Apkr^^uCaN07f6QEIJ()Y% zPWF4g-2BNkBZxDn9G&yx4Z*T3;Bd$%dG!jTsz%{L1Qx2^h+-6Jwp=YnEzxL&x0+Ei z3N?)OOT(}^IwG3YxI9;lin3fyL?LOxNuuJgm?}JGjSLDT6L1BYIB7Hsn!iw#r{KU2 zhVxo)z-T^m%sc9iomMjxXU>ie>=nfNl@~6^A?pQeMXeC)2}+V#@nnRXYEmo38Ea{s zJZlA7$-%RkOso|+7E z;g#HgttC~<^)nZhUZGZ@>XlsX`n9QR;f*ile6?b}SZq*-UoWAIn_}fCP@slu)=RTfa3$aQ2Njz50Gk@CPzX)} z4&Z--{@ylt0=GBDTXr!0uNxc*@ke|oRPHCiV?&$(ez!>Ty9AuVx8m>oHjitJw{9k{ zwtO0F>R%9In|ZW6yr^-z4l4%RIy^Ag)?p3Ut;4z_XB{>THg!;+Jmzoe5HJT~Q-?r0 z7Tt zV8`GOMbHhL0%W|7UJL;>OmXfkM!Zy?!MBk*@=uL9nDTLh?~5RZ`#@^a!Ib9=-Vnhw z?i8t#gQ;J4F!fso|5XGD<1IRv@+FPaT_X4n?og>^2lJ}2qHz$3;4L*dz)x-1Kx*)w za2?q4Nw*vH(`~Rv`~sxm2duSie*j_lDksYy#pbd8E$}4*%LGlo zSHSOj3je0#hxTmj`y4-Z9PFjz$MTuq_mQW?fNZHXyuJl}d%h?xUalU;VC&uunmJlL z2^w?Q#?zqb%gVVH%v~LnK0~g(ye(iSULb)T|7z_z z_G<09^3%|#+>BrC4azOffo48fI&3NamS8-K6VO=WZT+`Eb3E4m9%$xk>&tkog~eY4 zOo-3dBFzf5e7d_1Sx$Eb?5p7HRQhbKLJ)59eX zw>-S$;d>rl@$j05H$1%Q;VlpE?8m7t5BGUEt!*Rw}m_LSA+8J818kM-6)`6&Tb`M0)0@a)i<#1hd7JJ+I#cR@yHltOm91z2k`(N>)*HM z{$lgz#kGGQavR_L`>Aa3>ag~He5=p?O~>AgpO%oZx$%gtJ?Zy6OrB}!!VY z`F77f*Ga2D3Vtf4v>-}ClmvcaW+=NrNOB=^c zbk<6p=~V;N_zZcCQ~$B~HpzX|<}VofGx!~)#bfhbG=6Mfe#1~VQJ0s)y_NF2Ypdii zPP5UDtF=!#CNHs9>h_n+xD|G5Yikd0h8k~^_1yyff0DyE zO6{%8J8_cc%OSaLoYEn3Hud|o^;_Df3e+n-%O3i}X54yEkNXEk)DBV?cB^fA99Ey> zc;3i+PL2>^-41Gb5A>eXI8;w#-0ts>(jH0?Z&-bWYA4wjZUq~i$Bf{_pE? zfzB`|wF_>!=7`T$;G0T11kGJbdII!bp=UsI7m>dRdQALsK%By)%m+0noD>;%HD%uw z*-p^sgl7CQglsG|bPFx9%vAI*)BTH2hfpF>Wf-K>l8k6_#k!LrJ^H^MoqQiQYGR( zjnX*FlKS~n4Q6pCQ-eckt30G7bC)WEWfh`bEY;d^csQJG&P5BQW>jl5=G)CEuEh(* zeVt0vc!K0WxR3Jr_;Q37L9_eEw2Ne}xLdpF53gv3mBVc{Yt+-?ej^t3X7s-XO`1-~ zMEtl>lcvP1758`LV``|KwuX{=xz?`4L$gVi4$WT9;`CCfIao!;tvGA9>R}Ykk`jp&&F<2;cD^AlWnM>-GxT9K~=t4Vg$B}{Y zdTA83M@LkE>v^@txYa>VJ%%G&f|oD~3NF+En_@ zW=-b8B76;uSEFXDku}2IcGn&~JsC|!$EW&j^{ARO2gbEtxlyC)@u{g(Cr_V@&U|yq zSF4mNl@@haR+LKK4tha01LJ9<-73eA;=MT9FF9#(B~CL`$F9kka$mosxen?pf_;T6 z@tn#oH)F+jl|@tfeKX`jse@I@T1lL04|BB=4hZ)}SJ?6~HmAv2qv5Y(Xru3L*tE(^ ziOo%wtECoHUO9E@m9x=zj(_iHbo%Vn(I`?;Eh)$KG**MNDbAr*gVk4-i5aEJemg@s z$DYTCCwCXms_=Lg^BZB$LLAG%JqPo1#Iv6|@@e9^tnmGKjpr$E8N~QzF4ET_!MMI$ zqur!~d6drxeqX62%C8Fkt5R>#{+i%_DRrItOUMVYgO`-L$N0;RoM-!r!NEDDZeR{N z_dVdTg}|RE^*hq^4V=R_Z$;>JxM<|vc})qn^O_cH=T&tu^IQ~c=XG7Mo!1S)c3!u< zd965d&g;Ixxvwg9hj)k2VD!2Ll5bZobBY*nKkEoy*^VfB^nDYA~Kc|8a`y_baV9Fl~ep3Z6 z;QOEJaWM3Ay$*(cu21m$DwssPTTc^#NE82coc2|)kHmWROx z3cm%<@>g6r^b0N)`ZpMbAF$rG-2owdotNd0;<9A@TOM`KVM5rq>l*G{st^1v!nN@^ zhTyZFY?e>I#~ghv6#2IueV6|R^0D^9&rO5qK;NDPuD+$2tF1BDk-1pRb-;Rc@eF8J zzX?p=R(~0^+0bkOUYw?sPpYbs3>Dn)PnDck# z%O1Yr;S~?x@$h{QuL3*y26pa}f57+Jm2*8^%=L8fq=%ThC4hN%Ad+(yv@Zhi!4j;rE z{~ztAaKgQ@LEHJdFj;@M*>jJ)C-7KozY|t>LI}RUZsYpcMq8eBY!kZgcF#--IfJnm zkNs|0d-BfW*(82IIhy{S7}E6Cp6Cpo&Ej7->iWJ&U-mq-_T;^X$Huq$iCMlXgw+?= z^+P;}$J%@AkZ+0szr${`d63tS$NKl}-xMQ%U0nO$L&wG+5q%l**1m5&zpGEX%XqB4 zAO9_}bK{X^^+|u|Ve+KqmkqIX%yMLO{e1x5ChOOGNc3kga;^A{WwZ4nkN>~8`A{zH zsZR`%_vi1%r_aseFB$vXeTN#kv4W8*!X?_2KJ!aApigX diff --git a/client/internal/dns/forwarder/bpf_bpfel.go b/client/internal/dns/forwarder/bpf_bpfel.go index c98028ef6..27f09b354 100644 --- a/client/internal/dns/forwarder/bpf_bpfel.go +++ b/client/internal/dns/forwarder/bpf_bpfel.go @@ -61,6 +61,7 @@ type bpfProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfMapSpecs struct { + XdpIpMap *ebpf.MapSpec `ebpf:"xdp_ip_map"` XdpPortMap *ebpf.MapSpec `ebpf:"xdp_port_map"` } @@ -83,11 +84,13 @@ func (o *bpfObjects) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfMaps struct { + XdpIpMap *ebpf.Map `ebpf:"xdp_ip_map"` XdpPortMap *ebpf.Map `ebpf:"xdp_port_map"` } func (m *bpfMaps) Close() error { return _BpfClose( + m.XdpIpMap, m.XdpPortMap, ) } diff --git a/client/internal/dns/forwarder/bpf_bpfel.o b/client/internal/dns/forwarder/bpf_bpfel.o index c45d49af70334ac17931ddc7b8c8d9e188f023b7..9713152e217dec225d19775e94b2d89b7e6847b8 100644 GIT binary patch literal 6704 zcmbtYU1(g#6`qxqc;#5KBwLBq+p7L^V%OjsJhu)oo8(O~nkP@YKL%*@LwY7x2%)hh? zAFrD}utIk}Mbi#7kw`=Ptlq7^HD6uYvwhsH!!$o~uNcD>l6D!?`owM**+~LO}y~lf1ca7PMC0>>{od2-`Z{o@v#hQc8B=I>e=Qx zWJ44GDeCvY?zAp1L2lz`r`okcHme7eTo~uW9&1+e><w z+wNOBqeWWA8S&YJheSJKj#kD!%=O_O=l<3_)`@GV0hS(Pah#%($KL%7&*-g~EH_zbpI*_#X*B3H~R-&x8Mk z@C)ES1P@9w=Wh(3;CwwiB#1gYFn$Dv@;_|1N&E>Ie|u$X(q#`<f(N(%aDUd zfib7{1JHdFynXfF6yAgUZQ)12&j>#WJ`{c){5#-5U0wKKp1Tfy-{2%``l;x6Y|!=t z(XobK3f~9*k>L|u8@{*8;>Ybxzg5wb$Gka^u&b5g4*mijn*34hICyyeW^fnRk4~Qg zBga0lN{&|TC&#GXbN`Cjn77EpHgA&QKZ6b8={N@&48&AhF<-5OjC19jNaU42TB(#& zEy(8mFo>dJc_vipC}>0~Js8$09}9PI;hW)xVi7)dTOmH&vbX=dxA5RH@9? ztA0=l=2FKR`Kk{a$WM63sGSXN`*=Yh95`npOs5XnCTMMFkt?c>!6h(fnQVyeRIr4{3dnpPVl2uRR ze^#!oo~@nYSoN(~@%ky18HB0hF`IMh9mTfH;c&=CS^eP$WrO^=03vj~7KCWhbg`Td z8miXtZ`6Z&;2Rih*ZO{a__V5*!{SUi$a}?dq;gRMK_Z=p&D80!Y7|i6v4FTD6-Kps z&dBHT-f;x5li|8nYjB!P9d?eo!zc6#g{jwv2U-oWalP~By;C*{_KMyiHWG|HR>hMM zVaidZ5T>lB4Yre$IZVZ+q+PI=kiFw(rHIPeQ??VmPZ`NTs#Gb@3}8wpFIeq1bEbK| zx!tB-iq77by|DP5pfYVc7DROKDuWT<6sGmv|ebfwIRyKA2X~?P{R-#K}*i*u%RSZG#nTBK8WaRcmdQ@%z+U%^nvXLHww1tzx}NaYII8cZ%;yLRy{|IN$a zy5x_)mAT~m$}bgjK{*UmdMd=pR;zFslocXdsK28Z0C~t;^~sp`iXe?2{WxH5@!I*!E#juOdYE$s1#N7ZGY2Sx^b{>=Hj^Peq-eal134IreKNG_pz$1bmLf@H5sIeIC0L}6*Y9WUA0WS*H`|Lf;?{jDu zC-2aT#%+4PIx1YQkkp}HYuv8b=Q#aEQp*+nhq&C!sp z;4)y3{>8FgeqGCVn|l>_eZRukujMZ`XJF%aTApmmZMi>&ytgUEdm)PNX?uIZm^&Us zO=25(kM0%;aS{*TTM{wv@{@Q-#Ee!Y01@-PzJP~Bycf?T9+JiL8X3%d_hXp(R$`d> z_}-FizI6ke`8+B>Ha_>Q#q{UCvzYaq5X?SO&-a2vOuhBTHrDfhTlB=7UlgYYtv_@TP;4vGrv?`W>8d zaD0E!e$3HdcW}YM4F}(K@B;@gI{2}JR~@|O;B^OYIylKmfb4qrJ2>TFdk?bqV~+ln z-oBm#{kU5NCHdt@Zgl*OG=E0M?~nSzs4rsr;&7+0A74mnhO5>MKl%2wOdrpsX1=QuDNOfg&bjW{=!zq8*-Vo_ElpZq5 zp;M+||L5le_)F`yMe5?k5%gCxG(TnAHZlHRqR*e!Hp z{Jh(3*h!HPa?9{6Cy82(gJ%pkKd&+*yH5>j`CFU;vs3&jLI!#tiQCFT8d*UznW0Uqw&V-QdN QxmFMd4vb~<^ZrNrFTxKM>Hq)$ delta 2251 zcmZ9NZ%AEr7{{OA^?L6;PVXP5_gpQyXG`5RSnk$H$<<^~NwuX!VJ}2Q4Q-N6T{C9$ zMg@%^ygj`T+sGWm7&W}}MI#0oK|ybtu@}Br;HW4lSiT6P7WIA3c}_d*!E=7k=lSz{ zp67S&Ij-zq$j|3OJvGJqjufxvic9;7Gr8h+15cZ@*<1XeWzVA|GHTp~u47F?%|t!+ z???HD$>$z)aUc-uz>Ak_eM{0bL=9QTdlF7m#4ghr>usE!05#4taZRdrpAv?4i58` ziqqV+V`h#%{LQ#CNwEgKu3?yMIUk5T>v~)=r-(e-4S>%TU^#M$5naT=mB&>zOSDgU z8f&aT)TaCv*5v#go?*ZcpC{^9J|_VSL~kqqf;D!A2qA8Pzp=*86Cs4^(M>C^iVdQr zfWH#{HRWFT&5GCjZrDT|)OTNTy5ddhfTNf^w&oQHat=OWf3hxRf3hBBZ!)5h0Lx$n zWq&aAMsp5s{$yy*E#Oaf862E!E#Q~QHkGqz*t&{bOz6PoOHSGMw<#Z%_-jNn2Ctgq zM`JDA5iqZO0trn&;i#2A7T&~BE3bnexka=RU<-U%`2qZB;z{HFZls>D1>Q6`e=+pJ zP~{lg10Sd#qmQDfz~6UGkuLoNpxT z{1Mj{lQ38Cy1Vi^?$yZjr3dvzX82h0*#Yc96E1u2o4j930haHrzo)b$|6y_gzvQ+LC#X^J&|9O+M?84em~#2z4g-+jNt8 zfw$6G)59q{Yo6m$+76vh@RN3vS>|K5ZASRCebAbao**^6Zns+UOA?825lLTiK4brH z%W!ulYhLA&ZChtFE{u9vbCFAkTT)v)uOse)6tvos-hTa@s%y2b>lYC_)wMP+sBcqe j6_nZKKt$9{FL9~Pwq|s~a<}3lZ^5=L;gBv))o1?$EaU}C diff --git a/client/internal/dns/forwarder/src/port_fwd.c b/client/internal/dns/forwarder/src/port_fwd.c index fc594bdf0..d8edcd830 100644 --- a/client/internal/dns/forwarder/src/port_fwd.c +++ b/client/internal/dns/forwarder/src/port_fwd.c @@ -15,6 +15,13 @@ const __u32 map_key_dns_ip = 0; const __u32 map_key_dns_port = 1; +struct bpf_map_def SEC("maps") xdp_ip_map = { + .type = BPF_MAP_TYPE_ARRAY, + .key_size = sizeof(__u32), + .value_size = sizeof(__u32), + .max_entries = 10, +}; + struct bpf_map_def SEC("maps") xdp_port_map = { .type = BPF_MAP_TYPE_ARRAY, .key_size = sizeof(__u32), @@ -25,32 +32,37 @@ struct bpf_map_def SEC("maps") xdp_port_map = { __be32 dns_ip = 0; __be16 dns_port = 0; -bool read_port_settings() { - __u16 *value; - __be32 *ip_value; - value = bpf_map_lookup_elem(&xdp_port_map, &map_key_dns_port); - if(!value) { - return false; - } +// 13568 is 53 in big endian +__be16 GENERAL_DNS_PORT = 13568; - dns_port = htons(*value); +bool read_settings() { + __u16 *port_value; + __u32 *ip_value; - ip_value = bpf_map_lookup_elem(&xdp_port_map, &map_key_dns_ip); + // read dns ip + ip_value = bpf_map_lookup_elem(&xdp_ip_map, &map_key_dns_ip); if(!ip_value) { return false; } dns_ip = htonl(*ip_value); + + // read dns port + port_value = bpf_map_lookup_elem(&xdp_port_map, &map_key_dns_port); + if(!port_value) { + return false; + } + dns_port = htons(*port_value); return true; } SEC("xdp") int xdp_dns_port_fwd(struct xdp_md *ctx) { if(dns_port == 0) { - if(!read_port_settings()){ + if(!read_settings()){ return XDP_PASS; } - bpf_printk("dns port: %d", dns_port); - bpf_printk("dns ip: %d", dns_ip); + bpf_printk("dns port: %d", ntohs(dns_port)); + bpf_printk("dns ip: %d", ntohl(dns_ip)); } void *data = (void *)(long)ctx->data; @@ -73,13 +85,12 @@ int xdp_dns_port_fwd(struct xdp_md *ctx) { return XDP_PASS; } - // 2130706433 = 127.0.0.1 if (ip->daddr != dns_ip) { return XDP_PASS; } // skip non dns ports - if (udp->source != htons(53)){ + if (udp->dest != GENERAL_DNS_PORT){ return XDP_PASS; } diff --git a/client/internal/dns/forwarder/traffic_forwarder.go b/client/internal/dns/forwarder/traffic_forwarder.go index 05155241f..46f940743 100644 --- a/client/internal/dns/forwarder/traffic_forwarder.go +++ b/client/internal/dns/forwarder/traffic_forwarder.go @@ -52,7 +52,7 @@ func (tf *TrafficForwarder) Start(ip string, dnsPort int) error { _ = objs.Close() }() - err = objs.XdpPortMap.Put(mapKeyDNSIP, tf.ip2int(ip)) + err = objs.XdpIpMap.Put(mapKeyDNSIP, tf.ip2int(ip)) if err != nil { return err }