examples/networking/dns_matching/dns_matching.c - platform/external/bcc - Git at Google

 /*
  * dns_matching.c  Drop DNS packets requesting DNS name contained in hash map
  *    For Linux, uses BCC, eBPF. See .py file.
  *
  * Copyright (c) 2016 Rudi Floren.
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of version 2 of the GNU General Public
  * License as published by the Free Software Foundation.
  *
  * 11-May-2016  Rudi Floren Created this.
  */

 #include <uapi/linux/bpf.h>
 #include <uapi/linux/if_ether.h>
 #include <uapi/linux/if_packet.h>
 #include <uapi/linux/ip.h>
 #include <uapi/linux/in.h>
 #include <uapi/linux/udp.h>
 #include <bcc/proto.h>

 #define ETH_LEN 14

 struct dns_hdr_t
 {
     uint16_t id;
     uint16_t flags;
     uint16_t qdcount;
     uint16_t ancount;
     uint16_t nscount;
     uint16_t arcount;
 } BPF_PACKET_HEADER;


 struct dns_query_flags_t
 {
   uint16_t qtype;
   uint16_t qclass;
 } BPF_PACKET_HEADER;

 struct dns_char_t
 {
     char c;
 } BPF_PACKET_HEADER;

 struct Key {
   unsigned char p[255];
 };

 struct Leaf {
   // Not really needed in this example
   unsigned char p[4];
 };

 BPF_HASH(cache, struct Key, struct Leaf, 128);

 int dns_matching(struct __sk_buff *skb)
 {
   u8 *cursor = 0;
   struct Key key = {};
   // Check of ethernet/IP frame.
   struct ethernet_t *ethernet = cursor_advance(cursor, sizeof(*ethernet));
   if(ethernet->type == ETH_P_IP) {

     // Check for UDP.
     struct ip_t *ip = cursor_advance(cursor, sizeof(*ip));
     u16 hlen_bytes = ip->hlen << 2;
     if(ip->nextp == IPPROTO_UDP) {

       // Check for Port 53, DNS packet.
       struct udp_t *udp = cursor_advance(cursor, sizeof(*udp));
       if(udp->dport == 53){

         struct dns_hdr_t *dns_hdr = cursor_advance(cursor, sizeof(*dns_hdr));

         // Do nothing if packet is not a request.
         if((dns_hdr->flags >>15) != 0) {
           // Exit if this packet is not a request.
           return -1;
         }

         u16 i = 0;
         struct dns_char_t *c;
         #pragma unroll
         for(i = 0; i<255;i++){
           c = cursor_advance(cursor, 1);
           if (c->c == 0)
             break;
           key.p[i] = c->c;
         }

         struct Leaf * lookup_leaf = cache.lookup(&key);

         // If DNS name is contained in our map, keep the packet
         if(lookup_leaf) {
           bpf_trace_printk("Matched1\n");
           return -1;
         }
       }
     }
   }
   // Drop the packet
   return 0;
 }
	/*
	* dns_matching.c Drop DNS packets requesting DNS name contained in hash map
	* For Linux, uses BCC, eBPF. See .py file.
	*
	* Copyright (c) 2016 Rudi Floren.
	* This program is free software; you can redistribute it and/or
	* modify it under the terms of version 2 of the GNU General Public
	* License as published by the Free Software Foundation.
	*
	* 11-May-2016 Rudi Floren Created this.
	*/

	#include <uapi/linux/bpf.h>
	#include <uapi/linux/if_ether.h>
	#include <uapi/linux/if_packet.h>
	#include <uapi/linux/ip.h>
	#include <uapi/linux/in.h>
	#include <uapi/linux/udp.h>
	#include <bcc/proto.h>

	#define ETH_LEN 14

	struct dns_hdr_t
	{
	uint16_t id;
	uint16_t flags;
	uint16_t qdcount;
	uint16_t ancount;
	uint16_t nscount;
	uint16_t arcount;
	} BPF_PACKET_HEADER;


	struct dns_query_flags_t
	{
	uint16_t qtype;
	uint16_t qclass;
	} BPF_PACKET_HEADER;

	struct dns_char_t
	{
	char c;
	} BPF_PACKET_HEADER;

	struct Key {
	unsigned char p[255];
	};

	struct Leaf {
	// Not really needed in this example
	unsigned char p[4];
	};

	BPF_HASH(cache, struct Key, struct Leaf, 128);

	int dns_matching(struct __sk_buff *skb)
	{
	u8 *cursor = 0;
	struct Key key = {};
	// Check of ethernet/IP frame.
	struct ethernet_t ethernet = cursor_advance(cursor, sizeof(ethernet));
	if(ethernet->type == ETH_P_IP) {

	// Check for UDP.
	struct ip_t ip = cursor_advance(cursor, sizeof(ip));
	u16 hlen_bytes = ip->hlen << 2;
	if(ip->nextp == IPPROTO_UDP) {

	// Check for Port 53, DNS packet.
	struct udp_t udp = cursor_advance(cursor, sizeof(udp));
	if(udp->dport == 53){

	struct dns_hdr_t dns_hdr = cursor_advance(cursor, sizeof(dns_hdr));

	// Do nothing if packet is not a request.
	if((dns_hdr->flags >>15) != 0) {
	// Exit if this packet is not a request.
	return -1;
	}

	u16 i = 0;
	struct dns_char_t *c;
	#pragma unroll
	for(i = 0; i<255;i++){
	c = cursor_advance(cursor, 1);
	if (c->c == 0)
	break;
	key.p[i] = c->c;
	}

	struct Leaf * lookup_leaf = cache.lookup(&key);

	// If DNS name is contained in our map, keep the packet
	if(lookup_leaf) {
	bpf_trace_printk("Matched1\n");
	return -1;
	}
	}
	}
	}
	// Drop the packet
	return 0;
	}