From abbc72876eabc7a1745f50e7a9ff4c41b4bbef62 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 9 Nov 2020 14:46:08 +0100 Subject: [PATCH] dnsdist: Fix eBPF filtering of long qnames This commit switches to the use of eBPF positive offsets to access the content of the transport and application layers, since using negative offsets (needed to access the other layers) led to issues with long qnames. This is cleaner anyway :-) --- pdns/bpf-filter.ebpf.src | 8 +- pdns/bpf-filter.main.ebpf | 152 ++++++++++++++++---------------------- 2 files changed, 71 insertions(+), 89 deletions(-) diff --git a/pdns/bpf-filter.ebpf.src b/pdns/bpf-filter.ebpf.src index f1c5effcbe..9f58669068 100644 --- a/pdns/bpf-filter.ebpf.src +++ b/pdns/bpf-filter.ebpf.src @@ -401,6 +401,9 @@ int bpf_qname_filter(struct __sk_buff *skb) int bpf_dns_filter(struct __sk_buff *skb) { u8 ip_proto; int proto_off; + /* nh_off will contain a negative offset, used in BPF to get access to + the MAC/network layers, as positive values are used to get access to + the transport layer */ int nh_off = BPF_LL_OFF + ETH_HLEN; if (skb->protocol == ntohs(0x0800)) { @@ -457,7 +460,10 @@ int bpf_dns_filter(struct __sk_buff *skb) { } struct QNameKey qkey = { 0 }; - int dns_off = proto_off + sizeof(struct udphdr); + /* switch to positive offsets here, as we have seen some issues + when accessing the content of the transport layer with negative offsets + https://github.com/PowerDNS/pdns/issues/9626 */ + int dns_off = sizeof(struct udphdr); int qname_off = dns_off + sizeof(struct dnsheader); skb->cb[0] = (uint32_t) qname_off; u16 qtype; diff --git a/pdns/bpf-filter.main.ebpf b/pdns/bpf-filter.main.ebpf index 954b98a396..452a7d33b4 100644 --- a/pdns/bpf-filter.main.ebpf +++ b/pdns/bpf-filter.main.ebpf @@ -1,71 +1,65 @@ /* generated from the bpf_dns_filter() function in bpf-filter.ebpf.src */ BPF_MOV64_REG(BPF_REG_6,BPF_REG_1), +BPF_MOV64_IMM(BPF_REG_7,2147483647), BPF_LDX_MEM(BPF_W,BPF_REG_1,BPF_REG_6,16), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),14), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),160), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),11), +BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),109), BPF_LD_ABS(BPF_W,-2097126), -BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-256), BPF_LD_MAP_FD(BPF_REG_1,d_v4map.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-4), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,47), -BPF_MOV64_IMM(BPF_REG_1,1), -BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,148), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,98), +BPF_LD_ABS(BPF_B,-2097129), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,39), BPF_LD_ABS(BPF_B,-2097130), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-24), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-256), BPF_LD_ABS(BPF_B,-2097129), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-23), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-255), BPF_LD_ABS(BPF_B,-2097128), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-22), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-254), BPF_LD_ABS(BPF_B,-2097127), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-21), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-253), BPF_LD_ABS(BPF_B,-2097126), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-20), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-252), BPF_LD_ABS(BPF_B,-2097125), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-19), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-251), BPF_LD_ABS(BPF_B,-2097124), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-18), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-250), BPF_LD_ABS(BPF_B,-2097123), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-17), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-249), BPF_LD_ABS(BPF_B,-2097122), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-16), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-248), BPF_LD_ABS(BPF_B,-2097121), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-15), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-247), BPF_LD_ABS(BPF_B,-2097120), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-14), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-246), BPF_LD_ABS(BPF_B,-2097119), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-13), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-245), BPF_LD_ABS(BPF_B,-2097118), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-12), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-244), BPF_LD_ABS(BPF_B,-2097117), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-11), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-243), BPF_LD_ABS(BPF_B,-2097116), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-10), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-242), BPF_LD_ABS(BPF_B,-2097115), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-9), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-241), BPF_LD_MAP_FD(BPF_REG_1,d_v6map.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-24), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,1), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-43), -BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870218), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,58), BPF_LD_ABS(BPF_B,-2097132), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,3), -BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870198), -BPF_LD_ABS(BPF_B,-2097129), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,6,98), +BPF_ALU64_IMM(BPF_AND,BPF_REG_0,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,6,58), BPF_MOV64_IMM(BPF_REG_1,0), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-26), -BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-28), -BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-2), +BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-8), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-16), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-24), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-32), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-40), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-48), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-56), @@ -94,67 +88,49 @@ BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-232), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-240), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-248), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-256), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-264), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-272), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-280), -BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_7,48), -BPF_MOV64_REG(BPF_REG_8,BPF_REG_7), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_8,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_8,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_8,0,0), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_REG(BPF_REG_2,BPF_REG_1), -BPF_ALU64_IMM(BPF_AND,BPF_REG_2,192), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JGT,BPF_REG_2,63,53), -BPF_MOV64_REG(BPF_REG_8,BPF_REG_1), -BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), -BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,22), -BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_H,BPF_REG_0,BPF_REG_7,0,0), +BPF_MOV64_IMM(BPF_REG_1,20), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,48), +BPF_LD_ABS(BPF_B,20), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_JMP_IMM(BPF_JGT,BPF_REG_8,63,17), +BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,18), +BPF_LD_ABS(BPF_H,21), BPF_MOV64_REG(BPF_REG_6,BPF_REG_0), BPF_LD_MAP_FD(BPF_REG_1,d_qnamemap.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-280), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,0,37), -BPF_LDX_MEM(BPF_H,BPF_REG_2,BPF_REG_1,8), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_2,255,3), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,7), +BPF_LDX_MEM(BPF_H,BPF_REG_1,BPF_REG_0,8), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,255,2), BPF_ALU64_IMM(BPF_AND,BPF_REG_6,65535), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_REG(BPF_JNE,BPF_REG_6,BPF_REG_2,32), -BPF_MOV64_IMM(BPF_REG_2,1), -BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_1,BPF_REG_2,0,0), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,28), +BPF_JMP_REG(BPF_JNE,BPF_REG_1,BPF_REG_6,3), +BPF_MOV64_IMM(BPF_REG_1,1), +BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_MOV64_REG(BPF_REG_0,BPF_REG_7), +BPF_EXIT_INSN(), BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,52), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-280), -BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_7,0,0), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_8,-256), +BPF_LD_ABS(BPF_B,21), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-65), +BPF_ALU64_IMM(BPF_LSH,BPF_REG_2,32), +BPF_ALU64_IMM(BPF_RSH,BPF_REG_2,32), BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,32), -BPF_MOV64_REG(BPF_REG_2,BPF_REG_0), -BPF_ALU64_IMM(BPF_AND,BPF_REG_2,255), -BPF_MOV64_IMM(BPF_REG_3,91), +BPF_MOV64_IMM(BPF_REG_3,26), BPF_JMP_REG(BPF_JGT,BPF_REG_3,BPF_REG_2,1), BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_IMM(BPF_REG_3,64), -BPF_JMP_REG(BPF_JGT,BPF_REG_2,BPF_REG_3,1), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_LD_IMM64_RAW(BPF_REG_2,BPF_REG_0,4294967295), -BPF_ALU64_REG(BPF_ADD,BPF_REG_8,BPF_REG_2), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60), BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,56), -BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60), BPF_LD_MAP_FD(BPF_REG_2,d_filtermap.fd), BPF_MOV64_REG(BPF_REG_1,BPF_REG_6), BPF_MOV64_IMM(BPF_REG_3,0), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_tail_call), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_EXIT_INSN(), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-25), -- 2.47.2