dnsdist: Fix eBPF filtering of long qnames 9689/head
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 9 Nov 2020 13:46:08 +0000 (14:46 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 9 Nov 2020 13:46:08 +0000 (14:46 +0100)
This commit switches to the use of eBPF positive offsets to access
the content of the transport and application layers, since using
negative offsets (needed to access the other layers) led to issues
with long qnames.
This is cleaner anyway :-)

pdns/bpf-filter.ebpf.src
pdns/bpf-filter.main.ebpf

index f1c5effcbe49bcadc688cc7324cf5079a1ca73be..9f58669068761bf0b271eddd4e01653cdf1806d0 100644 (file)
@@ -401,6 +401,9 @@ int bpf_qname_filter(struct __sk_buff *skb)
 int bpf_dns_filter(struct __sk_buff *skb) {
   u8 ip_proto;
   int proto_off;
+  /* nh_off will contain a negative offset, used in BPF to get access to
+     the MAC/network layers, as positive values are used to get access to
+     the transport layer */
   int nh_off = BPF_LL_OFF + ETH_HLEN;
 
   if (skb->protocol == ntohs(0x0800)) {
@@ -457,7 +460,10 @@ int bpf_dns_filter(struct __sk_buff *skb) {
   }
 
   struct QNameKey qkey = { 0 };
-  int dns_off = proto_off + sizeof(struct udphdr);
+  /* switch to positive offsets here, as we have seen some issues
+     when accessing the content of the transport layer with negative offsets
+     https://github.com/PowerDNS/pdns/issues/9626 */
+  int dns_off = sizeof(struct udphdr);
   int qname_off = dns_off + sizeof(struct dnsheader);
   skb->cb[0] = (uint32_t) qname_off;
   u16 qtype;
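Review bot: `proto_off` is still declared at the top of bpf_dns_filter() but no longer feeds `dns_off` after `int dns_off = sizeof(struct udphdr);`. The regenerated bytecode in this commit also drops the two immediate loads that used to carry it, so it looks dead unless the part of the body between the two hunks still reads it; if not, the declaration and its assignments can go. The new comment explains why positive offsets are used but not what they are measured from, so I would extend it with something like `/* positive offsets are relative to the start of the transport (UDP) header, so the DNS header follows it directly */`. Because a wrong offset here means a blocked qname silently fails to match, a regression test with a long qname would be worth adding; the commit only lists the two filter files. The function starts before and continues past this hunk.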
index 954b98a39657440af7a1e162a64e7f23a3c23f94..452a7d33b46ced4f627f0c7e33c373b8c2ad7f5f 100644 (file)
@@ -1,71 +1,65 @@
 /* generated from the bpf_dns_filter() function in bpf-filter.ebpf.src */
 BPF_MOV64_REG(BPF_REG_6,BPF_REG_1),
+BPF_MOV64_IMM(BPF_REG_7,2147483647),
 BPF_LDX_MEM(BPF_W,BPF_REG_1,BPF_REG_6,16),
-BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),14),
-BPF_MOV64_IMM(BPF_REG_0,2147483647),
-BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),160),
+BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),11),
+BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),109),
 BPF_LD_ABS(BPF_W,-2097126),
-BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-4),
+BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-256),
 BPF_LD_MAP_FD(BPF_REG_1,d_v4map.fd),
 BPF_MOV64_REG(BPF_REG_2,BPF_REG_10),
-BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-4),
+BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256),
 BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem),
-BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,47),
-BPF_MOV64_IMM(BPF_REG_1,1),
-BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0),
-BPF_MOV64_IMM(BPF_REG_0,0),
-BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,148),
+BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,98),
+BPF_LD_ABS(BPF_B,-2097129),
+BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,39),
 BPF_LD_ABS(BPF_B,-2097130),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-24),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-256),
 BPF_LD_ABS(BPF_B,-2097129),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-23),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-255),
 BPF_LD_ABS(BPF_B,-2097128),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-22),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-254),
 BPF_LD_ABS(BPF_B,-2097127),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-21),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-253),
 BPF_LD_ABS(BPF_B,-2097126),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-20),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-252),
 BPF_LD_ABS(BPF_B,-2097125),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-19),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-251),
 BPF_LD_ABS(BPF_B,-2097124),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-18),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-250),
 BPF_LD_ABS(BPF_B,-2097123),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-17),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-249),
 BPF_LD_ABS(BPF_B,-2097122),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-16),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-248),
 BPF_LD_ABS(BPF_B,-2097121),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-15),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-247),
 BPF_LD_ABS(BPF_B,-2097120),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-14),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-246),
 BPF_LD_ABS(BPF_B,-2097119),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-13),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-245),
 BPF_LD_ABS(BPF_B,-2097118),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-12),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-244),
 BPF_LD_ABS(BPF_B,-2097117),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-11),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-243),
 BPF_LD_ABS(BPF_B,-2097116),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-10),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-242),
 BPF_LD_ABS(BPF_B,-2097115),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-9),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-241),
 BPF_LD_MAP_FD(BPF_REG_1,d_v6map.fd),
 BPF_MOV64_REG(BPF_REG_2,BPF_REG_10),
-BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-24),
+BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256),
 BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem),
-BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,1),
-BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-43),
-BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870218),
+BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,58),
 BPF_LD_ABS(BPF_B,-2097132),
-BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,3),
-BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870198),
-BPF_LD_ABS(BPF_B,-2097129),
-BPF_MOV64_REG(BPF_REG_1,BPF_REG_0),
-BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255),
-BPF_MOV64_IMM(BPF_REG_0,2147483647),
-BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,6,98),
+BPF_ALU64_IMM(BPF_AND,BPF_REG_0,255),
+BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,6,58),
 BPF_MOV64_IMM(BPF_REG_1,0),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-26),
-BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-28),
-BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-32),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-2),
+BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-4),
+BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-8),
+BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-16),
+BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-24),
+BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-32),
 BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-40),
 BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-48),
 BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-56),
@@ -94,67 +88,49 @@ BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-232),
 BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-240),
 BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-248),
 BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-256),
-BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-264),
-BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-272),
-BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-280),
-BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_7,48),
-BPF_MOV64_REG(BPF_REG_8,BPF_REG_7),
-BPF_ALU64_IMM(BPF_LSH,BPF_REG_8,32),
-BPF_ALU64_IMM(BPF_ARSH,BPF_REG_8,32),
-BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_8,0,0),
-BPF_MOV64_REG(BPF_REG_1,BPF_REG_0),
-BPF_MOV64_REG(BPF_REG_2,BPF_REG_1),
-BPF_ALU64_IMM(BPF_AND,BPF_REG_2,192),
-BPF_MOV64_IMM(BPF_REG_0,0),
-BPF_JMP_IMM(BPF_JGT,BPF_REG_2,63,53),
-BPF_MOV64_REG(BPF_REG_8,BPF_REG_1),
-BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255),
-BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,22),
-BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1),
-BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32),
-BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32),
-BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_H,BPF_REG_0,BPF_REG_7,0,0),
+BPF_MOV64_IMM(BPF_REG_1,20),
+BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,48),
+BPF_LD_ABS(BPF_B,20),
+BPF_MOV64_REG(BPF_REG_8,BPF_REG_0),
+BPF_MOV64_IMM(BPF_REG_7,0),
+BPF_JMP_IMM(BPF_JGT,BPF_REG_8,63,17),
+BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,18),
+BPF_LD_ABS(BPF_H,21),
 BPF_MOV64_REG(BPF_REG_6,BPF_REG_0),
 BPF_LD_MAP_FD(BPF_REG_1,d_qnamemap.fd),
 BPF_MOV64_REG(BPF_REG_2,BPF_REG_10),
-BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-280),
+BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256),
 BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem),
-BPF_MOV64_REG(BPF_REG_1,BPF_REG_0),
-BPF_MOV64_IMM(BPF_REG_0,2147483647),
-BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,0,37),
-BPF_LDX_MEM(BPF_H,BPF_REG_2,BPF_REG_1,8),
-BPF_JMP_IMM(BPF_JEQ,BPF_REG_2,255,3),
+BPF_MOV64_IMM(BPF_REG_7,2147483647),
+BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,7),
+BPF_LDX_MEM(BPF_H,BPF_REG_1,BPF_REG_0,8),
+BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,255,2),
 BPF_ALU64_IMM(BPF_AND,BPF_REG_6,65535),
-BPF_MOV64_IMM(BPF_REG_0,2147483647),
-BPF_JMP_REG(BPF_JNE,BPF_REG_6,BPF_REG_2,32),
-BPF_MOV64_IMM(BPF_REG_2,1),
-BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_1,BPF_REG_2,0,0),
-BPF_MOV64_IMM(BPF_REG_0,0),
-BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,28),
+BPF_JMP_REG(BPF_JNE,BPF_REG_1,BPF_REG_6,3),
+BPF_MOV64_IMM(BPF_REG_1,1),
+BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0),
+BPF_MOV64_IMM(BPF_REG_7,0),
+BPF_MOV64_REG(BPF_REG_0,BPF_REG_7),
+BPF_EXIT_INSN(),
 BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,52),
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-280),
-BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1),
-BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32),
-BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32),
-BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_7,0,0),
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_8,-256),
+BPF_LD_ABS(BPF_B,21),
+BPF_MOV64_REG(BPF_REG_2,BPF_REG_0),
+BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-65),
+BPF_ALU64_IMM(BPF_LSH,BPF_REG_2,32),
+BPF_ALU64_IMM(BPF_RSH,BPF_REG_2,32),
 BPF_MOV64_REG(BPF_REG_1,BPF_REG_0),
 BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,32),
-BPF_MOV64_REG(BPF_REG_2,BPF_REG_0),
-BPF_ALU64_IMM(BPF_AND,BPF_REG_2,255),
-BPF_MOV64_IMM(BPF_REG_3,91),
+BPF_MOV64_IMM(BPF_REG_3,26),
 BPF_JMP_REG(BPF_JGT,BPF_REG_3,BPF_REG_2,1),
 BPF_MOV64_REG(BPF_REG_1,BPF_REG_0),
-BPF_MOV64_IMM(BPF_REG_3,64),
-BPF_JMP_REG(BPF_JGT,BPF_REG_2,BPF_REG_3,1),
-BPF_MOV64_REG(BPF_REG_1,BPF_REG_0),
-BPF_LD_IMM64_RAW(BPF_REG_2,BPF_REG_0,4294967295),
-BPF_ALU64_REG(BPF_ADD,BPF_REG_8,BPF_REG_2),
+BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1),
+BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60),
 BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255),
 BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,56),
-BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60),
 BPF_LD_MAP_FD(BPF_REG_2,d_filtermap.fd),
 BPF_MOV64_REG(BPF_REG_1,BPF_REG_6),
 BPF_MOV64_IMM(BPF_REG_3,0),
 BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_tail_call),
-BPF_MOV64_IMM(BPF_REG_0,2147483647),
-BPF_EXIT_INSN(),
+BPF_MOV64_IMM(BPF_REG_7,2147483647),
+BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-25),