From 6f886b64ee0394f14b09cbfb2db5583844f12788 Mon Sep 17 00:00:00 2001
From: Vincent Li
Date: Fri, 4 Oct 2024 20:03:30 +0000
Subject: [PATCH] xdp-dns: fix XDP DNS program byte reverse user space program reverse 4ebpf2io to oi2fpbe4 and insert the domain_denylist map, but XDP program reverse 4ebpf2io to oi2pfbe4 where 'pf' is not reversed this result in no match and ebpf.io not blocked from chatgpt: " The issue with your reverse_string function lies in the range you're using for the loop. You're not reversing the full string, which is why you're seeing some characters (like pf) in the wrong order after reversal. The loop is only running up to (len - 1) / 2, but this should run for the entire len / 2. You also need to ensure you're reversing the string with the correct length and handling the null terminator appropriately if present. "
---
 xdp-dns/xdp_dns.bpf.c | 19 +++++++++----------
 xdp-dns/xdp_dns.c | 2 +-
 xdp-dns/xdp_dns_log.c | 2 +-
 3 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/xdp-dns/xdp_dns.bpf.c b/xdp-dns/xdp_dns.bpf.c
index 725a7a59..41939fa1 100644
--- a/xdp-dns/xdp_dns.bpf.c
+++ b/xdp-dns/xdp_dns.bpf.c
@@ -41,7 +41,7 @@
 // do not use libc includes because this causes clang
 // to include 32bit headers on 64bit ( only ) systems.
 #define memcpy __builtin_memcpy
-#define MAX_DOMAIN_SIZE 128
+#define MAX_DOMAIN_SIZE 63
 struct meta_data {
 __u16 eth_proto;
@@ -217,11 +217,11 @@ static __always_inline __u8 custom_strlen(const char *str, struct cursor *c)
 static __always_inline void reverse_string(char *str, __u8 len)
 {
- for (int i = 0; i < (len - 1) / 2; i++) {
- char temp = str[i];
- str[i] = str[len - 1 - i];
- str[len - 1 - i] = temp;
- }
+ for (int i = 0; i < len / 2; i++) {
+ char temp = str[i];
+ str[i] = str[len - 1 - i];
+ str[len - 1 - i] = temp;
+ }
 }
 SEC("xdp")
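Review bot: `#define MAX_DOMAIN_SIZE 63` matches the DNS limit for a single label, not for a whole name, which can be up to 255 bytes on the wire, so the key buffer is now smaller than a legal qname. How a longer qname is handled is outside this hunk; if it is truncated or skips the lookup, names longer than 63 bytes under a denylisted domain may not be blocked, which is worth confirming with a test. The same value is repeated in the hunks for xdp_dns.c and xdp_dns_log.c and presumably has to stay identical across the kernel and user-space sides. A single definition in a shared header, with a comment such as `/* size of the reversed-qname key data; must be identical in the BPF program and the loader */`, would keep the three copies from drifting.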
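Review bot: reverse_string() relies on its caller for the bound: `str[len - 1 - i]` is indexed with a `__u8 len` that can be as large as 255, while the buffer it operates on is presumably sized by MAX_DOMAIN_SIZE, which this commit lowers to 63. The call site is outside the hunk, so if the length is not already clamped there, a guard such as `if (len > MAX_DOMAIN_SIZE) return;` at the top of the function would keep the swap inside the key buffer. The function also has no comment; something like `/* reverse str[0..len) in place; must produce the same bytes as the user-space loader or denylist lookups miss */` would record the invariant this fix restores.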
@@ -234,7 +234,6 @@ int xdp_dns_denylist(struct xdp_md *ctx)
 struct udphdr *udp;
 struct dnshdr *dns;
 char *qname;
- //__u8 value = 1;
 __u8 len = 0;
 struct domain_key dkey = { 0 }; // LPM trie key
@@ -272,8 +271,7 @@ int xdp_dns_denylist(struct xdp_md *ctx)
 }
 len = custom_strlen(qname, &c);
- bpf_printk("qname %s len is %d from %pI4", qname, len,
- &ipv4->saddr);
+ //bpf_printk("qname %s len is %d from %pI4", qname, len, &ipv4->saddr);
 //avoid R2 offset is outside of the packet error
 if (qname + len > c.end)
@@ -317,7 +315,8 @@ int xdp_dns_denylist(struct xdp_md *ctx)
 return XDP_DROP;
 }
- /*
+/*
+ __u8 value = 1;
 if (bpf_map_update_elem(&domain_denylist, &dkey, &value, BPF_ANY) < 0) {
 bpf_printk("Domain %s not updated in denylist\n", dkey.data);
 } else {
diff --git a/xdp-dns/xdp_dns.c b/xdp-dns/xdp_dns.c
index c595d11b..7e10cb76 100644
--- a/xdp-dns/xdp_dns.c
+++ b/xdp-dns/xdp_dns.c
@@ -22,7 +22,7 @@
 #include
 #include
-#define MAX_DOMAIN_SIZE 128 // Increased size to handle larger domains
+#define MAX_DOMAIN_SIZE 63 // Increased size to handle larger domains
 struct domain_key {
 struct bpf_lpm_trie_key lpm_key;
diff --git a/xdp-dns/xdp_dns_log.c b/xdp-dns/xdp_dns_log.c
index 1eafb469..0df78aed 100644
--- a/xdp-dns/xdp_dns_log.c
+++ b/xdp-dns/xdp_dns_log.c
@@ -21,7 +21,7 @@
 #include
 #include
-#define MAX_DOMAIN_SIZE 128
+#define MAX_DOMAIN_SIZE 63
 struct qname_event {
 __u8 len;
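Review bot: The trace call in the hunk at -272 is disabled by turning it into a comment (`//bpf_printk(...)`) rather than removed, and the hunk at -317 likewise edits code inside a `/* ... */` block by adding `__u8 value = 1;` to it. Code kept in comments is never compiled or checked by the verifier, so it drifts; either delete both or put them behind a build-time switch, for example `#ifdef DEBUG` around the `bpf_printk`. The disabled block at -317 calls `bpf_map_update_elem(&domain_denylist, &dkey, &value, BPF_ANY)` from the XDP program itself, so if it is ever re-enabled it should be reviewed as a change in what is allowed to populate the denylist. Both spots sit inside xdp_dns_denylist(), whose body extends beyond these hunks.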
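Review bot: In xdp_dns.c the trailing comment on the changed line still reads `// Increased size to handle larger domains` although the value drops from 128 to 63, so the comment now contradicts the code. It should say what the limit is tied to, e.g. `#define MAX_DOMAIN_SIZE 63 // must match MAX_DOMAIN_SIZE in xdp_dns.bpf.c`.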