Skip to content

Commit

Permalink
WIP: dbg DNS over TCP NA fields
Browse files Browse the repository at this point in the history
Signed-off-by: Mohamed Mahmoud <[email protected]>
  • Loading branch information
msherif1234 committed Oct 27, 2023
1 parent 0891b34 commit 9abb630
Show file tree
Hide file tree
Showing 13 changed files with 63 additions and 31 deletions.
8 changes: 7 additions & 1 deletion bpf/dns_tracker.h
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
#define DNS_PORT 53
#define DNS_QR_FLAG 0x8000
#define UDP_MAXMSG 512
#define EINVAL 22

struct dns_header {
u16 id;
Expand Down Expand Up @@ -71,13 +72,16 @@ static __always_inline void track_dns_packet(struct __sk_buff *skb, pkt_info *pk

u8 len = calc_dns_header_offset(pkt, data_end);
if (!len) {
pkt->dns_errno = EINVAL;
return;
}

struct dns_header dns;
int ret;
u32 dns_offset = (long)pkt->l4_hdr - (long)skb->data + len;

if (bpf_skb_load_bytes(skb, dns_offset, &dns, sizeof(dns)) < 0) {
if ((ret = bpf_skb_load_bytes(skb, dns_offset, &dns, sizeof(dns))) < 0) {
pkt->dns_errno = -ret;
return;
}

Expand All @@ -97,10 +101,12 @@ static __always_inline void track_dns_packet(struct __sk_buff *skb, pkt_info *pk
pkt->dns_latency = ts - *value;
pkt->dns_id = dns_id;
pkt->dns_flags = flags;
pkt->dns_errno = ret;
bpf_map_delete_elem(&dns_flows, &dns_req);
}
} // end of dns response
} // end of dns port check
return;
}

#endif // __DNS_TRACKER_H__
2 changes: 2 additions & 0 deletions bpf/flows.c
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) {
aggregate_flow->dns_record.id = pkt.dns_id;
aggregate_flow->dns_record.flags = pkt.dns_flags;
aggregate_flow->dns_record.latency = pkt.dns_latency;
aggregate_flow->dns_record.errno = pkt.dns_errno;
long ret = bpf_map_update_elem(&aggregated_flows, &id, aggregate_flow, BPF_ANY);
if (trace_messages && ret != 0) {
// usually error -16 (-EBUSY) is printed here.
Expand All @@ -119,6 +120,7 @@ static inline int flow_monitor(struct __sk_buff *skb, u8 direction) {
.dns_record.id = pkt.dns_id,
.dns_record.flags = pkt.dns_flags,
.dns_record.latency = pkt.dns_latency,
.dns_record.errno = pkt.dns_errno,
};

// even if we know that the entry is new, another CPU might be concurrently inserting a flow
Expand Down
2 changes: 2 additions & 0 deletions bpf/types.h
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ typedef struct flow_metrics_t {
u16 id;
u16 flags;
u64 latency;
u8 errno;
} __attribute__((packed)) dns_record;
u64 flow_rtt;
} __attribute__((packed)) flow_metrics;
Expand Down Expand Up @@ -162,6 +163,7 @@ typedef struct pkt_info_t {
u16 dns_id;
u16 dns_flags;
u64 dns_latency;
u8 dns_errno;
} pkt_info;

// Structure for payload metadata
Expand Down
1 change: 1 addition & 0 deletions pkg/decode/decode_protobuf.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,7 @@ func PBFlowToMap(flow *pbflow.Record) config.GenericMap {
out["DnsId"] = flow.GetDnsId()
out["DnsFlags"] = flow.GetDnsFlags()
out["DnsFlagsResponseCode"] = dnsRcodeToStr(flow.GetDnsFlags() & 0xF)
out["DnsErrno"] = flow.GetDnsErrno()
}

if flow.GetPktDropLatestDropCause() != 0 {
Expand Down
4 changes: 4 additions & 0 deletions pkg/decode/decode_protobuf_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,7 @@ func TestDecodeProtobuf(t *testing.T) {
DnsLatency: durationpb.New(someDuration),
DnsId: 1,
DnsFlags: 0x8001,
DnsErrno: 0,
TimeFlowRtt: durationpb.New(someDuration),
},
expected: &config.GenericMap{
Expand Down Expand Up @@ -349,6 +350,7 @@ func TestDecodeProtobuf(t *testing.T) {
"DnsId": uint32(1),
"DnsFlags": uint32(0x8001),
"DnsFlagsResponseCode": "FormErr",
"DnsErrno": uint32(0),
"TimeFlowRttNs": someDuration.Nanoseconds(),
},
},
Expand Down Expand Up @@ -407,6 +409,7 @@ func TestPBFlowToMap(t *testing.T) {
DnsLatency: durationpb.New(someDuration),
DnsId: 1,
DnsFlags: 0x80,
DnsErrno: 0,
TimeFlowRtt: durationpb.New(someDuration),
}

Expand Down Expand Up @@ -441,6 +444,7 @@ func TestPBFlowToMap(t *testing.T) {
"DnsId": uint32(1),
"DnsFlags": uint32(0x80),
"DnsFlagsResponseCode": "NoError",
"DnsErrno": uint32(0),
"TimeFlowRttNs": someDuration.Nanoseconds(),
}, out)

Expand Down
1 change: 1 addition & 0 deletions pkg/ebpf/bpf_bpfeb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Binary file modified pkg/ebpf/bpf_bpfeb.o
Binary file not shown.
1 change: 1 addition & 0 deletions pkg/ebpf/bpf_bpfel.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Binary file modified pkg/ebpf/bpf_bpfel.o
Binary file not shown.
2 changes: 2 additions & 0 deletions pkg/exporter/proto.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ func v4FlowToPB(fr *flow.Record) *pbflow.Record {
PktDropLatestDropCause: fr.Metrics.PktDrops.LatestDropCause,
DnsId: uint32(fr.Metrics.DnsRecord.Id),
DnsFlags: uint32(fr.Metrics.DnsRecord.Flags),
DnsErrno: uint32(fr.Metrics.DnsRecord.Errno),
TimeFlowRtt: durationpb.New(fr.TimeFlowRtt),
}
if fr.Metrics.DnsRecord.Latency != 0 {
Expand Down Expand Up @@ -128,6 +129,7 @@ func v6FlowToPB(fr *flow.Record) *pbflow.Record {
PktDropLatestDropCause: fr.Metrics.PktDrops.LatestDropCause,
DnsId: uint32(fr.Metrics.DnsRecord.Id),
DnsFlags: uint32(fr.Metrics.DnsRecord.Flags),
DnsErrno: uint32(fr.Metrics.DnsRecord.Errno),
TimeFlowRtt: durationpb.New(fr.TimeFlowRtt),
}
if fr.Metrics.DnsRecord.Latency != 0 {
Expand Down
2 changes: 2 additions & 0 deletions pkg/flow/record_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ func TestRecordBinaryEncoding(t *testing.T) {
01, 00, // id
0x80, 00, // flags
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, // latency
0x00, // errno
// u64 flow_rtt
0xad, 0xde, 0xef, 0xbe, 0xef, 0xbe, 0xad, 0xde,
}))
Expand Down Expand Up @@ -82,6 +83,7 @@ func TestRecordBinaryEncoding(t *testing.T) {
Id: 0x0001,
Flags: 0x0080,
Latency: 0x1817161514131211,
Errno: 0,
},
FlowRtt: 0xdeadbeefbeefdead,
},
Expand Down
70 changes: 40 additions & 30 deletions pkg/pbflow/flow.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions proto/flow.proto
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ message Record {
uint32 dns_flags = 22;
google.protobuf.Duration dns_latency = 23;
google.protobuf.Duration time_flow_rtt = 24;
uint32 dns_errno = 25;
}

message DataLink {
Expand Down

0 comments on commit 9abb630

Please sign in to comment.