From ba86f38154ef13c0ddc599a7b0cfc401fd258e52 Mon Sep 17 00:00:00 2001
From: Vincent Li
Date: Wed, 2 Oct 2024 17:44:54 +0000
Subject: [PATCH] xdp-dnsrrl: remove domain_denylist

we have xdp-dns for domain denylist, remove it from xdp-dnsrrl

Signed-off-by: Vincent Li
---
 xdp-dnsrrl/xdp_dnsrrl.bpf.c | 51 +++++-------------------------------
 1 file changed, 7 insertions(+), 44 deletions(-)

diff --git a/xdp-dnsrrl/xdp_dnsrrl.bpf.c b/xdp-dnsrrl/xdp_dnsrrl.bpf.c
index b6f3eee8..7656b99f 100644
--- a/xdp-dnsrrl/xdp_dnsrrl.bpf.c
+++ b/xdp-dnsrrl/xdp_dnsrrl.bpf.c
@@ -80,14 +80,6 @@ struct {
 __uint(map_flags, BPF_F_NO_PREALLOC);
 } exclude_v6_prefixes __section(".maps");
 
-struct {
- __uint(type, BPF_MAP_TYPE_HASH);
- __type(key, char[256]);
- __type(value, __u8);
- __uint(max_entries, 1024);
- __uint(pinning, LIBBPF_PIN_BY_NAME);
-} domain_denylist SEC(".maps");
-
 /*
 * Store the time frame
 */
@@ -196,7 +188,7 @@ struct ethhdr *parse_eth(struct cursor *c, __u16 *eth_proto)
 }
 
 static inline
-__u8 *parse_dname(struct cursor *c)
+__u8 *skip_dname(struct cursor *c)
 {
 __u8 *dname = c->pos;
 __u8 i;
@@ -554,7 +546,6 @@ int xdp_dns(struct xdp_md *ctx)
 struct udphdr *udp;
 struct dnshdr *dns;
 __u64 *count;
- __u8 *qname;
 
 if (bpf_xdp_adjust_meta(ctx, -(int)sizeof(struct meta_data)))
 return XDP_PASS;
@@ -593,23 +584,9 @@ int xdp_dns(struct xdp_md *ctx)
 if (dns->flags.as_bits_and_pieces.qr
 || dns->qdcount != __bpf_htons(1)
 || dns->ancount
 || dns->nscount
- || dns->arcount > __bpf_htons(2))
- return XDP_ABORTED; // Return FORMERR?
-
- qname = parse_dname(&c);
- if (!qname) {
- return XDP_ABORTED; // Return FORMERR?
- }
-
- // avoid R2 offset is outside of the packet error
- if (qname + 256 > c.end)
- return XDP_ABORTED; // Return FORMERR?
-
- // Check against the domain denylist
- if (bpf_map_lookup_elem(&domain_denylist, qname))
- return XDP_DROP;
-
- if (!parse_dns_qrr(&c))
+ || dns->arcount > __bpf_htons(2)
+ || !skip_dname(&c)
+ || !parse_dns_qrr(&c))
 return XDP_ABORTED; // Return FORMERR?
 if (dns->arcount == 0) {
@@ -652,23 +629,9 @@ int xdp_dns(struct xdp_md *ctx)
 if (dns->flags.as_bits_and_pieces.qr
 || dns->qdcount != __bpf_htons(1)
 || dns->ancount
 || dns->nscount
- || dns->arcount > __bpf_htons(2))
- return XDP_ABORTED; // Return FORMERR?
-
- qname = parse_dname(&c);
- if (!qname) {
- return XDP_ABORTED; // Return FORMERR?
- }
-
- // avoid R2 offset is outside of the packet error
- if (qname + 256 > c.end)
- return XDP_ABORTED; // Return FORMERR?
-
- // Check against the domain denylist
- if (bpf_map_lookup_elem(&domain_denylist, qname))
- return XDP_DROP;
-
- if (!parse_dns_qrr(&c))
+ || dns->arcount > __bpf_htons(2)
+ || !skip_dname(&c)
+ || !parse_dns_qrr(&c))
 return XDP_ABORTED; // Return FORMERR?
 if (dns->arcount == 0) {
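Review bot: The folded condition now hides an ordering dependency: `!skip_dname(&c)` and `!parse_dns_qrr(&c)` both move the cursor, and only the `||` short-circuit order guarantees the name is skipped before the question RR is parsed, whereas the four header-field tests above them have no side effects. A comment on the new `|| !skip_dname(&c)` line such as `/* order matters: skip_dname() must advance c past QNAME before parse_dns_qrr() reads the fields that presumably follow it */` would keep a later reordering of the chain from silently breaking the parse. With the `qname + 256 > c.end` guard gone, skip_dname()'s own bounds checks (its body is outside this patch) are the only thing bounding the name walk, so it is worth confirming it returns NULL for a name that runs past `c.end` rather than a pointer. The block at `@@ -652,23 +629,9 @@` repeats this condition verbatim; a small `static inline` helper taking the cursor and `dns` would keep the two paths from drifting apart. xdp_dns() starts and ends outside the hunk.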