Skip to content

Commit

Permalink
xdp-dnsrrl: remove domain_denylist
Browse files Browse the repository at this point in the history
we have xdp-dns for domain denylist, remove
it from xdp-dnsrrl

Signed-off-by: Vincent Li <[email protected]>
  • Loading branch information
vincentmli committed Oct 2, 2024
1 parent 135a121 commit e366551
Showing 1 changed file with 7 additions and 44 deletions.
51 changes: 7 additions & 44 deletions xdp-dnsrrl/xdp_dnsrrl.bpf.c
Original file line number Diff line number Diff line change
Expand Up @@ -80,14 +80,6 @@ struct {
__uint(map_flags, BPF_F_NO_PREALLOC);
} exclude_v6_prefixes __section(".maps");

struct {
__uint(type, BPF_MAP_TYPE_HASH);
__type(key, char[256]);
__type(value, __u8);
__uint(max_entries, 1024);
__uint(pinning, LIBBPF_PIN_BY_NAME);
} domain_denylist SEC(".maps");

/*
* Store the time frame
*/
Expand Down Expand Up @@ -196,7 +188,7 @@ struct ethhdr *parse_eth(struct cursor *c, __u16 *eth_proto)
}

static inline
__u8 *parse_dname(struct cursor *c)
__u8 *skip_dname(struct cursor *c)
{
__u8 *dname = c->pos;
__u8 i;
Expand Down Expand Up @@ -554,7 +546,6 @@ int xdp_dns(struct xdp_md *ctx)
struct udphdr *udp;
struct dnshdr *dns;
__u64 *count;
__u8 *qname;

if (bpf_xdp_adjust_meta(ctx, -(int)sizeof(struct meta_data)))
return XDP_PASS;
Expand Down Expand Up @@ -593,23 +584,9 @@ int xdp_dns(struct xdp_md *ctx)
if (dns->flags.as_bits_and_pieces.qr
|| dns->qdcount != __bpf_htons(1)
|| dns->ancount || dns->nscount
|| dns->arcount > __bpf_htons(2))
return XDP_ABORTED; // Return FORMERR?

qname = parse_dname(&c);
if (!qname) {
return XDP_ABORTED; // Return FORMERR?
}

// avoid R2 offset is outside of the packet error
if (qname + 256 > c.end)
return XDP_ABORTED; // Return FORMERR?

// Check against the domain denylist
if (bpf_map_lookup_elem(&domain_denylist, qname))
return XDP_DROP;

if (!parse_dns_qrr(&c))
|| dns->arcount > __bpf_htons(2)
|| !skip_dname(&c)
|| !parse_dns_qrr(&c))
return XDP_ABORTED; // Return FORMERR?

if (dns->arcount == 0) {
Expand Down Expand Up @@ -652,23 +629,9 @@ int xdp_dns(struct xdp_md *ctx)
if (dns->flags.as_bits_and_pieces.qr
|| dns->qdcount != __bpf_htons(1)
|| dns->ancount || dns->nscount
|| dns->arcount > __bpf_htons(2))
return XDP_ABORTED; // Return FORMERR?

qname = parse_dname(&c);
if (!qname) {
return XDP_ABORTED; // Return FORMERR?
}

// avoid R2 offset is outside of the packet error
if (qname + 256 > c.end)
return XDP_ABORTED; // Return FORMERR?

// Check against the domain denylist
if (bpf_map_lookup_elem(&domain_denylist, qname))
return XDP_DROP;

if (!parse_dns_qrr(&c))
|| dns->arcount > __bpf_htons(2)
|| !skip_dname(&c)
|| !parse_dns_qrr(&c))
return XDP_ABORTED; // Return FORMERR?

if (dns->arcount == 0) {
Expand Down

0 comments on commit e366551

Please sign in to comment.