From: Remi Gacogne Date: Mon, 9 Nov 2020 13:46:08 +0000 (+0100) Subject: dnsdist: Fix eBPF filtering of long qnames X-Git-Tag: dnsdist-1.6.0-alpha0~12^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F9689%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Fix eBPF filtering of long qnames This commit switches to the use of eBPF positive offsets to access the content of the transport and application layers, since using negative offsets (needed to access the other layers) led to issues with long qnames. This is cleaner anyway :-) --- diff --git a/pdns/bpf-filter.ebpf.src b/pdns/bpf-filter.ebpf.src index f1c5effcbe..9f58669068 100644 --- a/pdns/bpf-filter.ebpf.src +++ b/pdns/bpf-filter.ebpf.src @@ -401,6 +401,9 @@ int bpf_qname_filter(struct __sk_buff *skb) int bpf_dns_filter(struct __sk_buff *skb) { u8 ip_proto; int proto_off; + /* nh_off will contain a negative offset, used in BPF to get access to + the MAC/network layers, as positive values are used to get access to + the transport layer */ int nh_off = BPF_LL_OFF + ETH_HLEN; if (skb->protocol == ntohs(0x0800)) { @@ -457,7 +460,10 @@ int bpf_dns_filter(struct __sk_buff *skb) { } struct QNameKey qkey = { 0 }; - int dns_off = proto_off + sizeof(struct udphdr); + /* switch to positive offsets here, as we have seen some issues + when accessing the content of the transport layer with negative offsets + https://github.com/PowerDNS/pdns/issues/9626 */ + int dns_off = sizeof(struct udphdr); int qname_off = dns_off + sizeof(struct dnsheader); skb->cb[0] = (uint32_t) qname_off; u16 qtype; diff --git a/pdns/bpf-filter.main.ebpf b/pdns/bpf-filter.main.ebpf index 954b98a396..452a7d33b4 100644 --- a/pdns/bpf-filter.main.ebpf +++ b/pdns/bpf-filter.main.ebpf @@ -1,71 +1,65 @@ /* generated from the bpf_dns_filter() function in bpf-filter.ebpf.src */ BPF_MOV64_REG(BPF_REG_6,BPF_REG_1), +BPF_MOV64_IMM(BPF_REG_7,2147483647), BPF_LDX_MEM(BPF_W,BPF_REG_1,BPF_REG_6,16), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),14), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),160), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),11), +BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),109), BPF_LD_ABS(BPF_W,-2097126), -BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-256), BPF_LD_MAP_FD(BPF_REG_1,d_v4map.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-4), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,47), -BPF_MOV64_IMM(BPF_REG_1,1), -BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,148), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,98), +BPF_LD_ABS(BPF_B,-2097129), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,39), BPF_LD_ABS(BPF_B,-2097130), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-24), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-256), BPF_LD_ABS(BPF_B,-2097129), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-23), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-255), BPF_LD_ABS(BPF_B,-2097128), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-22), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-254), BPF_LD_ABS(BPF_B,-2097127), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-21), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-253), BPF_LD_ABS(BPF_B,-2097126), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-20), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-252), BPF_LD_ABS(BPF_B,-2097125), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-19), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-251), BPF_LD_ABS(BPF_B,-2097124), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-18), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-250), BPF_LD_ABS(BPF_B,-2097123), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-17), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-249), BPF_LD_ABS(BPF_B,-2097122), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-16), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-248), BPF_LD_ABS(BPF_B,-2097121), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-15), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-247), BPF_LD_ABS(BPF_B,-2097120), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-14), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-246), BPF_LD_ABS(BPF_B,-2097119), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-13), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-245), BPF_LD_ABS(BPF_B,-2097118), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-12), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-244), BPF_LD_ABS(BPF_B,-2097117), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-11), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-243), BPF_LD_ABS(BPF_B,-2097116), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-10), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-242), BPF_LD_ABS(BPF_B,-2097115), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-9), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-241), BPF_LD_MAP_FD(BPF_REG_1,d_v6map.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-24), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,1), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-43), -BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870218), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,58), BPF_LD_ABS(BPF_B,-2097132), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,3), -BPF_LD_IMM64_RAW(BPF_REG_7,BPF_REG_0,4292870198), -BPF_LD_ABS(BPF_B,-2097129), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,6,98), +BPF_ALU64_IMM(BPF_AND,BPF_REG_0,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,6,58), BPF_MOV64_IMM(BPF_REG_1,0), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-26), -BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-28), -BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-2), +BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-8), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-16), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-24), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-32), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-40), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-48), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-56), @@ -94,67 +88,49 @@ BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-232), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-240), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-248), BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-256), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-264), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-272), -BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-280), -BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_7,48), -BPF_MOV64_REG(BPF_REG_8,BPF_REG_7), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_8,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_8,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_8,0,0), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_REG(BPF_REG_2,BPF_REG_1), -BPF_ALU64_IMM(BPF_AND,BPF_REG_2,192), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JGT,BPF_REG_2,63,53), -BPF_MOV64_REG(BPF_REG_8,BPF_REG_1), -BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), -BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,22), -BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_H,BPF_REG_0,BPF_REG_7,0,0), +BPF_MOV64_IMM(BPF_REG_1,20), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,48), +BPF_LD_ABS(BPF_B,20), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_JMP_IMM(BPF_JGT,BPF_REG_8,63,17), +BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,18), +BPF_LD_ABS(BPF_H,21), BPF_MOV64_REG(BPF_REG_6,BPF_REG_0), BPF_LD_MAP_FD(BPF_REG_1,d_qnamemap.fd), BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), -BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-280), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,0,37), -BPF_LDX_MEM(BPF_H,BPF_REG_2,BPF_REG_1,8), -BPF_JMP_IMM(BPF_JEQ,BPF_REG_2,255,3), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,7), +BPF_LDX_MEM(BPF_H,BPF_REG_1,BPF_REG_0,8), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,255,2), BPF_ALU64_IMM(BPF_AND,BPF_REG_6,65535), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_JMP_REG(BPF_JNE,BPF_REG_6,BPF_REG_2,32), -BPF_MOV64_IMM(BPF_REG_2,1), -BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_1,BPF_REG_2,0,0), -BPF_MOV64_IMM(BPF_REG_0,0), -BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,28), +BPF_JMP_REG(BPF_JNE,BPF_REG_1,BPF_REG_6,3), +BPF_MOV64_IMM(BPF_REG_1,1), +BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_MOV64_REG(BPF_REG_0,BPF_REG_7), +BPF_EXIT_INSN(), BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,52), -BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-280), -BPF_ALU64_IMM(BPF_OR,BPF_REG_7,1), -BPF_ALU64_IMM(BPF_LSH,BPF_REG_7,32), -BPF_ALU64_IMM(BPF_ARSH,BPF_REG_7,32), -BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_7,0,0), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_8,-256), +BPF_LD_ABS(BPF_B,21), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-65), +BPF_ALU64_IMM(BPF_LSH,BPF_REG_2,32), +BPF_ALU64_IMM(BPF_RSH,BPF_REG_2,32), BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,32), -BPF_MOV64_REG(BPF_REG_2,BPF_REG_0), -BPF_ALU64_IMM(BPF_AND,BPF_REG_2,255), -BPF_MOV64_IMM(BPF_REG_3,91), +BPF_MOV64_IMM(BPF_REG_3,26), BPF_JMP_REG(BPF_JGT,BPF_REG_3,BPF_REG_2,1), BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_MOV64_IMM(BPF_REG_3,64), -BPF_JMP_REG(BPF_JGT,BPF_REG_2,BPF_REG_3,1), -BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), -BPF_LD_IMM64_RAW(BPF_REG_2,BPF_REG_0,4294967295), -BPF_ALU64_REG(BPF_ADD,BPF_REG_8,BPF_REG_2), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60), BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,56), -BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60), BPF_LD_MAP_FD(BPF_REG_2,d_filtermap.fd), BPF_MOV64_REG(BPF_REG_1,BPF_REG_6), BPF_MOV64_IMM(BPF_REG_3,0), BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_tail_call), -BPF_MOV64_IMM(BPF_REG_0,2147483647), -BPF_EXIT_INSN(), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-25),