Hello guys,

i already had an issue resolved by one of u on github.

I continued working on my project and came across problem.

Basically i will insert a bunch of domain names via python into my hash_table, and in my bpf program i want to check if the name of the incoming packet is in my hash_table.

For filling my table i use this little python snipped:

def encode_dns(name):

  size = 32

  if len(name) > 253:

    raise Exception("DNS Name too long.")

  b = bytearray()

  elements = name.split(".")

  for element in elements:

    b.extend(struct.pack("!B", len(element)))

    b.extend(element)

  blen = len(b)

  for i in range(blen, size): 

    b.append(b'\x00')

  return (c_ubyte * size).from_buffer(b)

cache = bpf.get_table("cache")

key = cache.Key()

key.p = encode_dns("foo.bar")

cache[key] = leaf


When dumping the keys of the hash_table with hexdump they seem to be right. (dns encoding wise.)

But my bpf program doesn't match the key.

It is basically the same as the fixed one in my gh-issue (#446)

struct Key key = {};

...

if (cursor == sentinel) goto end; c = cursor_advance(cursor, 1); key.p[i++] = c->c; //repeating

...

struct Leaf * lookup_leaf = cache.lookup(&key);

        if(lookup_leaf) {

          bpf_trace_printk("yes im in cache");

         }

...

I tried to bpf_trace_printk my key to verify that it is the same as the one in the cache but did't succeed.

Anyone has an idea what i am doing wrong?
Full code is available in this gist: https://gist.github.com/valkum/0d70028b864b89639b4c0f6616612463

Thanks,

Rudi

On Tue, Apr 26, 2016 at 8:51 AM, Rudi Floren via iovisor-dev
<iovisor-dev@...> wrote:
> Just a short update.
> I managed to get it working finally. The sentinel was was off by 4 bytes, as
> the dns question has the 2 fields qtype and qclass at the end.

good to know.
if you don't mind, could you push your working script to examples/networking/
so when we implement 'bounded loop' instructions your use case is accounted for.

thanks

> Rudi Floren <rudi.floren@...> schrieb am Mo., 25. Apr. 2016 um 20:05
> Uhr:
>>
>> Hello guys,
>>
>> i already had an issue resolved by one of u on github.
>> I continued working on my project and came across problem.
>>
>> Basically i will insert a bunch of domain names via python into my
>> hash_table, and in my bpf program i want to check if the name of the
>> incoming packet is in my hash_table.
>>
>> For filling my table i use this little python snipped:
>> def encode_dns(name):
>>   size = 32
>>   if len(name) > 253:
>>     raise Exception("DNS Name too long.")
>>   b = bytearray()
>>   elements = name.split(".")
>>   for element in elements:
>>     b.extend(struct.pack("!B", len(element)))
>>     b.extend(element)
>>
>>   blen = len(b)
>>   for i in range(blen, size):
>>     b.append(b'\x00')
>>   return (c_ubyte * size).from_buffer(b)
>>
>> cache = bpf.get_table("cache")
>> key = cache.Key()
>> key.p = encode_dns("foo.bar")
>> cache[key] = leaf
>>
>>
>> When dumping the keys of the hash_table with hexdump they seem to be
>> right. (dns encoding wise.)
>>
>> But my bpf program doesn't match the key.
>> It is basically the same as the fixed one in my gh-issue (#446)
>> struct Key key = {};
>> ...
>> if (cursor == sentinel) goto end; c = cursor_advance(cursor, 1);
>> key.p[i++] = c->c; //repeating
>> ...
>> struct Leaf * lookup_leaf = cache.lookup(&key);
>>
>>         if(lookup_leaf) {
>>           bpf_trace_printk("yes im in cache");
>>
>>          }
>> ...
>> I tried to bpf_trace_printk my key to verify that it is the same as the
>> one in the cache but did't succeed.
>>
>> Anyone has an idea what i am doing wrong?
>> Full code is available in this gist:
>> https://gist.github.com/valkum/0d70028b864b89639b4c0f6616612463
>>
>> Thanks,
>>
>> Rudi
>
>
> _______________________________________________
> iovisor-dev mailing list
> iovisor-dev@...
> https://lists.iovisor.org/mailman/listinfo/iovisor-dev
>