From: Remi Gacogne Date: Mon, 9 Nov 2020 13:46:08 +0000 (+0100) Subject: dnsdist: Fix eBPF filtering of long qnames X-Git-Tag: dnsdist-1.6.0-alpha0~12^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9689%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Fix eBPF filtering of long qnames This commit switches to the use of eBPF positive offsets to access the content of the transport and application layers, since using negative offsets (needed to access the other layers) led to issues with long qnames. This is cleaner anyway :-)
---
diff --git a/pdns/bpf-filter.ebpf.src b/pdns/bpf-filter.ebpf.src
index f1c5effcbe..9f58669068 100644
--- a/pdns/bpf-filter.ebpf.src
+++ b/pdns/bpf-filter.ebpf.src
@@ -401,6 +401,9 @@ int bpf_qname_filter(struct __sk_buff *skb)
 int bpf_dns_filter(struct __sk_buff *skb) {
 u8 ip_proto;
 int proto_off;
+ /* nh_off will contain a negative offset, used in BPF to get access to
+ the MAC/network layers, as positive values are used to get access to
+ the transport layer */
 int nh_off = BPF_LL_OFF + ETH_HLEN;
 if (skb->protocol == ntohs(0x0800)) {
@@ -457,7 +460,10 @@ int bpf_dns_filter(struct __sk_buff *skb) {
 }
 struct QNameKey qkey = { 0 };
- int dns_off = proto_off + sizeof(struct udphdr);
+ /* switch to positive offsets here, as we have seen some issues
+ when accessing the content of the transport layer with negative offsets
+ https://github.com/PowerDNS/pdns/issues/9626 */
+ int dns_off = sizeof(struct udphdr);
 int qname_off = dns_off + sizeof(struct dnsheader);
 skb->cb[0] = (uint32_t) qname_off;
 u16 qtype;
diff --git a/pdns/bpf-filter.main.ebpf b/pdns/bpf-filter.main.ebpf
index 954b98a396..452a7d33b4 100644
--- a/pdns/bpf-filter.main.ebpf
+++ b/pdns/bpf-filter.main.ebpf
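Review bot: In the second hunk of pdns/bpf-filter.ebpf.src, the new comment above `int dns_off = sizeof(struct udphdr);` records that negative offsets caused problems but not the invariant the line now depends on, namely that positive offsets start at the transport header; I would add `/* positive offsets are relative to the start of the UDP header, so the DNS header follows it directly */`. `proto_off` (declared in the first hunk's context) no longer feeds `dns_off`, so if nothing outside these hunks still reads it, the variable and its assignments should be removed. `qname_off` is also published through `skb->cb[0]`, so whatever reads that slot has to treat it as a positive offset as well; that reader is not visible here. Because a filter that mis-parses long qnames lets names on the block list through, a regression test with a qname near the 255-byte limit would be worth adding. bpf_dns_filter's body continues outside both hunks.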
@@ -1,71 +1,65 @@ /* generated from the bpf_dns_filter() function in bpf-filter.ebpf.src */ BPF_MOV64_REG(BPF_REG_6,BPF_REG_1), +BPF_MOV64_IMM(BPF_REG_7,2147483647), BPF_LDX_MEM(BPF_W,BPF_REG_1,BPF_REG_6,16), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),14), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),160), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),11), +BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),109), BPF_LD_ABS(BPF_W,-2097126), -BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-256), BPF_LD_MAP_FD(BPF_REG_1,d_v4map.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-4), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,47), -BPF_MOV64_IMM(BPF_REG_1,1), -BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,148), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,98), +BPF_LD_ABS(BPF_B,-2097129), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,39), BPF_LD_ABS(BPF_B,-2097130), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-24), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-256), BPF_LD_ABS(BPF_B,-2097129), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-23), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-255), BPF_LD_ABS(BPF_B,-2097128), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-22), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-254), BPF_LD_ABS(BPF_B,-2097127), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-21), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-253), BPF_LD_ABS(BPF_B,-2097126), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-20), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-252), BPF_LD_ABS(BPF_B,-2097125), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-19), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-251), BPF_LD_ABS(BPF_B,-2097124), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-18), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-250), BPF_LD_ABS(BPF_B,-2097123), 
-BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-17), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-249), BPF_LD_ABS(BPF_B,-2097122), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-16), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-248), BPF_LD_ABS(BPF_B,-2097121), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-15), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-247), BPF_LD_ABS(BPF_B,-2097120), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-14), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-246), BPF_LD_ABS(BPF_B,-2097119), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-13), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-245), BPF_LD_ABS(BPF_B,-2097118), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-12), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-244), BPF_LD_ABS(BPF_B,-2097117), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-11), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-243), BPF_LD_ABS(BPF_B,-2097116), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-10), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-242), BPF_LD_ABS(BPF_B,-2097115), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-9), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-241), BPF_LD_MAP_FD(BPF_REG_1,d_v6map.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-24), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,1), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-43), -BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870218), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,58), BPF_LD_ABS(BPF_B,-2097132), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,3), -BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870198), -BPF_LD_ABS(BPF_B,-2097129), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,6,98), +BPF_ALU64_IMM(BPF_AND,BPF_REG_0,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,6,58), BPF_MOV64_IMM(BPF_REG_1,0), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-26), -BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-28), -BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-32), 
+BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-2), +BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-8), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-16), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-24), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-32), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-40), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-48), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-56), 
@@ -94,67 +88,49 @@ BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-232), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-240), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-248), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-256), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-264), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-272), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-280), -BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_7,48), -BPF_MOV64_REG(BPF_REG_8,BPF_REG_7), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_8,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_8,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_8,0,0), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_REG(BPF_REG_2,BPF_REG_1), -BPF_ALU64_IMM(BPF_AND,BPF_REG_2,192), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JGT,BPF_REG_2,63,53), -BPF_MOV64_REG(BPF_REG_8,BPF_REG_1), -BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), -BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,22), -BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_H,BPF_REG_0,BPF_REG_7,0,0), +BPF_MOV64_IMM(BPF_REG_1,20), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,48), +BPF_LD_ABS(BPF_B,20), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_JMP_IMM(BPF_JGT,BPF_REG_8,63,17), +BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,18), +BPF_LD_ABS(BPF_H,21), BPF_MOV64_REG(BPF_REG_6,BPF_REG_0), BPF_LD_MAP_FD(BPF_REG_1,d_qnamemap.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-280), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,0,37), -BPF_LDX_MEM(BPF_H,BPF_REG_2,BPF_REG_1,8), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_2,255,3), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,7), +BPF_LDX_MEM(BPF_H,BPF_REG_1,BPF_REG_0,8), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,255,2), BPF_ALU64_IMM(BPF_AND,BPF_REG_6,65535), -BPF_MOV64_IMM(BPF_REG_0,2147483647), 
-BPF_JMP_REG(BPF_JNE,BPF_REG_6,BPF_REG_2,32), -BPF_MOV64_IMM(BPF_REG_2,1), -BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_1,BPF_REG_2,0,0), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,28), +BPF_JMP_REG(BPF_JNE,BPF_REG_1,BPF_REG_6,3), +BPF_MOV64_IMM(BPF_REG_1,1), +BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_MOV64_REG(BPF_REG_0,BPF_REG_7), +BPF_EXIT_INSN(), BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,52), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-280), -BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_7,0,0), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_8,-256), +BPF_LD_ABS(BPF_B,21), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-65), +BPF_ALU64_IMM(BPF_LSH,BPF_REG_2,32), +BPF_ALU64_IMM(BPF_RSH,BPF_REG_2,32), BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,32), -BPF_MOV64_REG(BPF_REG_2,BPF_REG_0), -BPF_ALU64_IMM(BPF_AND,BPF_REG_2,255), -BPF_MOV64_IMM(BPF_REG_3,91), +BPF_MOV64_IMM(BPF_REG_3,26), BPF_JMP_REG(BPF_JGT,BPF_REG_3,BPF_REG_2,1), BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_IMM(BPF_REG_3,64), -BPF_JMP_REG(BPF_JGT,BPF_REG_2,BPF_REG_3,1), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_LD_IMM64_RAW(BPF_REG_2,BPF_REG_0,4294967295), -BPF_ALU64_REG(BPF_ADD,BPF_REG_8,BPF_REG_2), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60), BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,56), -BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60), BPF_LD_MAP_FD(BPF_REG_2,d_filtermap.fd), BPF_MOV64_REG(BPF_REG_1,BPF_REG_6), BPF_MOV64_IMM(BPF_REG_3,0), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_tail_call), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_EXIT_INSN(), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-25),