xdp-dns: fix XDP DNS program byte reverse
The user space program reverses 4ebpf2io to oi2fpbe4
and inserts it into the domain_denylist map, but the XDP program
reverses 4ebpf2io to oi2pfbe4, where 'pf' is not reversed.
This results in no match, so ebpf.io is not blocked.

from chatgpt:

"
The issue with your reverse_string function lies in the range
you're using for the loop. You're not reversing the full string,
which is why you're seeing some characters (like pf) in the wrong
order after reversal. The loop is only running up to (len - 1) / 2,
but this should run for the entire len / 2.

You also need to ensure you're reversing the string with
the correct length and handling the null terminator appropriately
if present.
"
vincentmli committed Oct 4, 2024
1 parent ba86f38 commit 6f886b6
Showing 3 changed files with 11 additions and 12 deletions.
19 changes: 9 additions & 10 deletions xdp-dns/xdp_dns.bpf.c
@@ -41,7 +41,7 @@
// do not use libc includes because this causes clang
// to include 32bit headers on 64bit ( only ) systems.
#define memcpy __builtin_memcpy
#define MAX_DOMAIN_SIZE 128
#define MAX_DOMAIN_SIZE 63

struct meta_data {
__u16 eth_proto;
@@ -217,11 +217,11 @@ static __always_inline __u8 custom_strlen(const char *str, struct cursor *c)

static __always_inline void reverse_string(char *str, __u8 len)
{
for (int i = 0; i < (len - 1) / 2; i++) {
char temp = str[i];
str[i] = str[len - 1 - i];
str[len - 1 - i] = temp;
}
for (int i = 0; i < len / 2; i++) {
char temp = str[i];
str[i] = str[len - 1 - i];
str[len - 1 - i] = temp;
}
}

SEC("xdp")
@@ -234,7 +234,6 @@ int xdp_dns_denylist(struct xdp_md *ctx)
struct udphdr *udp;
struct dnshdr *dns;
char *qname;
//__u8 value = 1;
__u8 len = 0;

struct domain_key dkey = { 0 }; // LPM trie key
@@ -272,8 +271,7 @@ int xdp_dns_denylist(struct xdp_md *ctx)
}

len = custom_strlen(qname, &c);
bpf_printk("qname %s len is %d from %pI4", qname, len,
&ipv4->saddr);
//bpf_printk("qname %s len is %d from %pI4", qname, len, &ipv4->saddr);

//avoid R2 offset is outside of the packet error
if (qname + len > c.end)
@@ -317,7 +315,8 @@ int xdp_dns_denylist(struct xdp_md *ctx)
return XDP_DROP;
}

/*
/*
__u8 value = 1;
if (bpf_map_update_elem(&domain_denylist, &dkey, &value, BPF_ANY) < 0) {
bpf_printk("Domain %s not updated in denylist\n", dkey.data);
} else {
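Review bot: The `#define MAX_DOMAIN_SIZE 63` in the first hunk caps the lookup key at the DNS per-label limit, while a full query name can be up to 255 bytes on the wire, and nothing visible says what the program does with a longer qname. The code that copies `qname` into `dkey` lies outside these hunks, so this is a question rather than a finding: if an over-long name is truncated before `reverse_string` runs, or the packet simply falls through to `XDP_PASS`, a denied domain would not match and the filter would fail open. I would state the policy next to the define, for example `/* max qname bytes used as LPM key; longer names are <dropped|passed>; keep equal to xdp_dns.c and xdp_dns_log.c */`, and make the length check explicit where the key is built.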
2 changes: 1 addition & 1 deletion xdp-dns/xdp_dns.c
@@ -22,7 +22,7 @@
#include <errno.h>
#include <stdlib.h>

#define MAX_DOMAIN_SIZE 128 // Increased size to handle larger domains
#define MAX_DOMAIN_SIZE 63 // Increased size to handle larger domains

struct domain_key {
struct bpf_lpm_trie_key lpm_key;
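Review bot: The trailing comment on `#define MAX_DOMAIN_SIZE 63` still says "Increased size to handle larger domains", which no longer describes a value that appears to have gone down from 128. The same constant is also defined separately in xdp_dns.bpf.c and xdp_dns_log.c, and `struct domain_key` below it presumably has to match the BPF program's key layout byte for byte, so a mismatch would make denylist inserts and lookups disagree silently. I would change the comment to something like `// must equal MAX_DOMAIN_SIZE in xdp_dns.bpf.c and xdp_dns_log.c`, or move the define into one shared header. `struct domain_key` continues outside the hunk.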
2 changes: 1 addition & 1 deletion xdp-dns/xdp_dns_log.c
@@ -21,7 +21,7 @@
#include <bpf/bpf.h>
#include <syslog.h>

#define MAX_DOMAIN_SIZE 128
#define MAX_DOMAIN_SIZE 63

struct qname_event {
__u8 len;
