From 9a6dfe779770f64075d98e29155ab1678a20f236 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?=
Date: Fri, 26 Jan 2024 20:50:50 +0100
Subject: [PATCH] ebpf,dns: initialized structs

On the previus commit we just disabled dns uprobes for armhf/i386 to avoid loading errors. A better fix is to initialized the structs used. On armhf still fails after loading it, when attaching to the uprobes (offsets?), and on i386 it doesn't seem to send anything to userspace (more analysis needed).
- Increased the number of IPs associated with a domain that are delivered to userspace. (getfedora.org returns 30 ipv4+ipv6).
- Fixed getting the aliases of a domain when using gethostbyname().

(cherry picked from commit 27509d6fe03443c70ad85c96b24158b681a5b2d9)
---
 ebpf_prog/opensnitch-dns.c | 27 +++++++--------------------
 1 file changed, 7 insertions(+), 20 deletions(-)

diff --git a/ebpf_prog/opensnitch-dns.c b/ebpf_prog/opensnitch-dns.c
index 79847df5a5..7bb01b751a 100644
--- a/ebpf_prog/opensnitch-dns.c
+++ b/ebpf_prog/opensnitch-dns.c
@@ -33,8 +33,9 @@
 //-----------------------------------
+// random values
 #define MAX_ALIASES 5
-#define MAX_IPS 5
+#define MAX_IPS 30
 struct nameLookupEvent {
 u32 addr_type;
@@ -104,8 +105,6 @@ int uretprobe__gethostbyname(struct pt_regs *ctx) {
 char **ips = {0};
 bpf_probe_read(&ips, sizeof(ips), &host->h_addr_list);
-#if !defined(__i386__) && !defined(__arm__)
-
 #pragma clang loop unroll(full)
 for (int i = 0; i < MAX_IPS; i++) {
 char *ip={0};
@@ -134,7 +133,7 @@ int uretprobe__gethostbyname(struct pt_regs *ctx) {
 #pragma clang loop unroll(full)
 for (int j = 0; j < MAX_ALIASES; j++) {
 char *alias = {0};
- bpf_probe_read(&alias, sizeof(alias), &aliases[i]);
+ bpf_probe_read(&alias, sizeof(alias), &aliases[j]);
 if (alias == NULL) {
 return 0;
@@ -145,8 +144,6 @@ int uretprobe__gethostbyname(struct pt_regs *ctx) {
 }
 }
-#endif
-
 return 0;
 }
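Review bot: The new `// random values` comment above MAX_ALIASES/MAX_IPS tells a reader nothing they can act on, while the actual reason for the new limit (a getfedora.org lookup answering with 30 addresses) lives only in the commit message; a comment such as `// Upper bounds on the addresses and aliases walked per lookup; both loops are fully unrolled, so raising these grows the program the verifier must accept.` would carry that into the source. Raising MAX_IPS from 5 to 30 also unrolls the two `#pragma clang loop unroll(full)` loops in uretprobe__gethostbyname and ret_addrinfo six times further, which multiplies the instruction count the verifier has to walk. It is worth confirming the program still loads within the verifier's budget on the oldest kernel the project targets, not only on the machine the change was tested on.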
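Review bot: With the `#if !defined(__i386__) && !defined(__arm__)` guard gone this loop runs on 32-bit targets again, but `bpf_probe_read(&ips, sizeof(ips), &host->h_addr_list);` still copies `sizeof(ips)` bytes, the BPF program's 8-byte pointer width, out of a `struct hostent` that a 32-bit libc lays out with 4-byte pointer fields at different offsets, so on i386/armhf the read lands on the wrong bytes; ret_addrinfo's `bpf_probe_read(&res, sizeof(res), res_p);` in a later hunk has the same shape. That would account for nothing reaching userspace on i386 at least as well as uninitialized locals do, though I am inferring it from the sizes rather than from a trace. Reading a per-target pointer width (a 4-byte value when the traced process is 32-bit) and using the matching struct offsets is needed before these probes are trustworthy there. uretprobe__gethostbyname starts before this hunk and continues after it.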
@@ -188,15 +185,11 @@ int ret_addrinfo(struct pt_regs *ctx) {
 }
 struct addrinfo **res_p={0};
- __builtin_memset(&res_p, 0, sizeof(res_p));
 bpf_probe_read(&res_p, sizeof(res_p), &addrinfo_args->addrinfo_ptr);
-#if !defined(__i386__) && !defined(__arm__)
-
 #pragma clang loop unroll(full)
 for (int i = 0; i < MAX_IPS; i++) {
- struct addrinfo *res = {0};
- __builtin_memset(&res, 0, sizeof(res));
+ struct addrinfo *res={0};
 bpf_probe_read(&res, sizeof(res), res_p);
 if (res == NULL) {
 goto out;
@@ -206,19 +199,17 @@ int ret_addrinfo(struct pt_regs *ctx) {
 if (data.addr_type == AF_INET) {
 struct sockaddr_in *ipv4={0};
- __builtin_memset(&ipv4, 0, sizeof(ipv4));
 bpf_probe_read(&ipv4, sizeof(ipv4), &res->ai_addr);
 // Only copy the 4 relevant bytes
 bpf_probe_read_user(&data.ip, 4, &ipv4->sin_addr);
 } else if(data.addr_type == AF_INET6) {
 struct sockaddr_in6 *ipv6={0};
- __builtin_memset(&ipv6, 0, sizeof(ipv6));
 bpf_probe_read(&ipv6, sizeof(ipv6), &res->ai_addr);
 bpf_probe_read_user(&data.ip, sizeof(data.ip), &ipv6->sin6_addr);
 } else {
- goto out;
- }
+ goto out;
+ }
 bpf_probe_read_kernel_str(&data.host, sizeof(data.host), &addrinfo_args->node);
@@ -226,18 +217,14 @@ int ret_addrinfo(struct pt_regs *ctx) {
 bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data, sizeof(data));
- struct addrinfo * next={0};
- __builtin_memset(&next, 0, sizeof(next));
 bpf_probe_read(&next, sizeof(next), &res->ai_next);
 if (next == NULL){
 goto out;
 }
- res_p = &next;
+ res_p = &next;
 }
-#endif
-
 out:
 bpf_map_delete_elem(&addrinfo_args_hash, &tid);
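Review bot: `struct addrinfo *res={0};` now carries the initialization the memset used to do, but the read right below it, `bpf_probe_read(&res, sizeof(res), res_p);`, only targets user memory on the first pass: at the loop tail (the last hunk of this file, outside this one) `res_p = &next;` points it at a BPF stack variable, so every later iteration copies the next-node pointer out of the kernel stack, which is also why this read cannot simply become `bpf_probe_read_user`. Walking the chain through `res` itself avoids that: read the first node once before the loop with `bpf_probe_read_user(&res, sizeof(res), res_p);`, keep `if (res == NULL) goto out;` as the loop's first statement, and replace the `next`/`res_p` tail with `bpf_probe_read_user(&res, sizeof(res), &res->ai_next);`. The file already uses `bpf_probe_read_user` for `sin_addr`, so the helper is available to it. I also cannot see where `next` is still declared once `struct addrinfo * next={0};` is removed in the last hunk; unless it is declared in lines this diff does not show, the new side will not build. ret_addrinfo starts before this hunk and ends after it.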