extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-03-03 09:21:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use fake address instead of wireguard address

Browse Source
This commit is contained in:
Zoltan Papp 2023-08-17 08:36:11 +02:00
parent 1c84d6b3b6
commit 98f3012fb3
8 changed files with 45 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
client/internal/dns/service_listener.go
View File

@ -26,6 +26,7 @@ type serviceViaListener struct {
dnsMux *dns.ServeMux dnsMux *dns.ServeMux
customAddr *netip.AddrPort customAddr *netip.AddrPort
server *dns.Server server *dns.Server
fakeIP string
listenIP string listenIP string
listenPort int listenPort int
listenerIsRunning bool listenerIsRunning bool
@ -67,8 +68,9 @@ func (s *serviceViaListener) Listen() error {
s.server.Addr = fmt.Sprintf("%s:%d", s.listenIP, s.listenPort) s.server.Addr = fmt.Sprintf("%s:%d", s.listenIP, s.listenPort)
if s.shouldApplyPortFwd() { if s.shouldApplyPortFwd() {
s.fakeIP = getLastIPFromNetwork(s.wgInterface.Address().Network, 1)
s.ebpfService = ebpf.GetEbpfManagerInstance() s.ebpfService = ebpf.GetEbpfManagerInstance()
err = s.ebpfService.LoadDNSFwd(s.listenIP, s.listenPort) err = s.ebpfService.LoadDNSFwd(s.fakeIP, s.listenIP, s.listenPort)
if err != nil { if err != nil {
log.Warnf("failed to load DNS port fwd, custom port may not support well: %s", err) log.Warnf("failed to load DNS port fwd, custom port may not support well: %s", err)
s.ebpfService = nil s.ebpfService = nil
@ -132,7 +134,14 @@ func (s *serviceViaListener) RuntimePort() int {
} }
func (s *serviceViaListener) RuntimeIP() string { func (s *serviceViaListener) RuntimeIP() string {
s.listenerFlagLock.Lock()
defer s.listenerFlagLock.Unlock()
if s.ebpfService != nil {
return s.fakeIP
} else {
return s.listenIP return s.listenIP
}
} }
func (s *serviceViaListener) setListenerStatus(running bool) { func (s *serviceViaListener) setListenerStatus(running bool) {

BIN
client/internal/ebpf/bpf_bpfeb.o
View File

Binary file not shown.

BIN
client/internal/ebpf/bpf_bpfel.o
View File

Binary file not shown.

16
client/internal/ebpf/dns_fwd_linux.go
View File

@ -10,12 +10,13 @@ import (
) )
const ( const (
mapKeyDNSIP uint32 = 0 mapKeyFakeIP uint32 = 0
mapKeyDNSPort uint32 = 1 mapKeyDNSIP uint32 = 1
mapKeyDNSPort uint32 = 2
) )
func (tf *GeneralManager) LoadDNSFwd(ip string, dnsPort int) error { func (tf *GeneralManager) LoadDNSFwd(fakeIp, dnsIp string, dnsPort int) error {
log.Debugf("load ebpf DNS forwarder: address: %s:%d", ip, dnsPort) log.Debugf("load ebpf DNS forwarder: address: %s:%d", dnsIp, dnsPort)
tf.lock.Lock() tf.lock.Lock()
defer tf.lock.Unlock() defer tf.lock.Unlock()
@ -24,7 +25,12 @@ func (tf *GeneralManager) LoadDNSFwd(ip string, dnsPort int) error {
return err return err
} }
err = tf.bpfObjs.NbMapDnsIp.Put(mapKeyDNSIP, ip2int(ip)) err = tf.bpfObjs.NbMapDnsIp.Put(mapKeyFakeIP, ip2int(fakeIp))
if err != nil {
return err
}
err = tf.bpfObjs.NbMapDnsIp.Put(mapKeyDNSIP, ip2int(dnsIp))
if err != nil { if err != nil {
return err return err
} }

2
client/internal/ebpf/manager.go
View File

@ -1,7 +1,7 @@
package ebpf package ebpf
type Manager interface { type Manager interface {
LoadDNSFwd(ip string, dnsPort int) error LoadDNSFwd(fakeIP, dnsIP string, dnsPort int) error
FreeDNSFwd() error FreeDNSFwd() error
LoadWgProxy(proxyPort, wgPort int) error LoadWgProxy(proxyPort, wgPort int) error
FreeWGProxy() error FreeWGProxy() error

1
client/internal/ebpf/manager_linux.go
View File

@ -74,6 +74,7 @@ func (tf *GeneralManager) loadXdp() error {
Program: tf.bpfObjs.NbXdpProg, Program: tf.bpfObjs.NbXdpProg,
Interface: iFace.Index, Interface: iFace.Index,
}) })
return err return err
} }

23
client/internal/ebpf/src/dns_fwd.c
View File

@ -1,5 +1,7 @@
const __u32 map_key_dns_ip = 0;
const __u32 map_key_dns_port = 1; const __u32 map_key_fake_ip = 0;
const __u32 map_key_dns_ip = 1;
const __u32 map_key_dns_port = 2;
struct bpf_map_def SEC("maps") nb_map_dns_ip = { struct bpf_map_def SEC("maps") nb_map_dns_ip = {
.type = BPF_MAP_TYPE_ARRAY, .type = BPF_MAP_TYPE_ARRAY,
@ -15,6 +17,7 @@ struct bpf_map_def SEC("maps") nb_map_dns_port = {
.max_entries = 10, .max_entries = 10,
}; };
__be32 fake_ip = 0;
__be32 dns_ip = 0; __be32 dns_ip = 0;
__be16 dns_port = 0; __be16 dns_port = 0;
@ -22,8 +25,16 @@ __be16 dns_port = 0;
__be16 GENERAL_DNS_PORT = 13568; __be16 GENERAL_DNS_PORT = 13568;
bool read_settings() { bool read_settings() {
__u16 *port_value; __u32 *fake_ip_value;
__u32 *ip_value; __u32 *ip_value;
__u16 *port_value;
// read fake ip
fake_ip_value = bpf_map_lookup_elem(&nb_map_dns_ip, &map_key_fake_ip);
if(!fake_ip_value) {
return false;
}
fake_ip = htonl(*fake_ip_value);
// read dns ip // read dns ip
ip_value = bpf_map_lookup_elem(&nb_map_dns_ip, &map_key_dns_ip); ip_value = bpf_map_lookup_elem(&nb_map_dns_ip, &map_key_dns_ip);
@ -46,17 +57,17 @@ int xdp_dns_fwd(struct iphdr *ip, struct udphdr *udp) {
if(!read_settings()){ if(!read_settings()){
return XDP_PASS; return XDP_PASS;
} }
bpf_printk("dns port: %d", ntohs(dns_port));
bpf_printk("dns ip: %d", ntohl(dns_ip));
} }
if (udp->dest == GENERAL_DNS_PORT && ip->daddr == dns_ip) { if (udp->dest == GENERAL_DNS_PORT && ip->daddr == fake_ip) {
udp->dest = dns_port; udp->dest = dns_port;
ip->daddr = dns_ip;
return XDP_PASS; return XDP_PASS;
} }
if (udp->source == dns_port && ip->saddr == dns_ip) { if (udp->source == dns_port && ip->saddr == dns_ip) {
udp->source = GENERAL_DNS_PORT; udp->source = GENERAL_DNS_PORT;
ip->saddr = fake_ip;
return XDP_PASS; return XDP_PASS;
} }

5
client/internal/ebpf/wg_proxy_linux.go
View File

@ -2,7 +2,9 @@
package ebpf package ebpf
import log "github.com/sirupsen/logrus" import (
log "github.com/sirupsen/logrus"
)
const ( const (
mapKeyProxyPort uint32 = 0 mapKeyProxyPort uint32 = 0
@ -35,6 +37,7 @@ func (tf *GeneralManager) LoadWgProxy(proxyPort, wgPort int) error {
return err return err
} }
return nil return nil
} }
func (tf *GeneralManager) FreeWGProxy() error { func (tf *GeneralManager) FreeWGProxy() error {