Skip to content
/ rust-bee-ns Public

eBPF-powered DNS racer with a Rust userland agent

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ivanmtech/rust-bee-ns

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 
example--cfg.toml
example--cfg.toml
 
 
example--query.py
example--query.py
 
 

Repository files navigation

Rust-Bee-NS: eBPF-powered DNS Racing Tool

Rust-Bee-NS intercepts a DNS request egressing from the L7 application and
replaces it with up to 4 duplicates sent to the specified uplink resolvers.
The first response to arrive (the 'winner') is passed to the requester and
the latecomers are dropped. The tool also maintains a primitive scoreboard.

Disclaimer

This software was written as a 'pet project' by its author during vacation.
It relies exclusively on publicly available technologies and does not seek
any financial gain for the author and does not fulfil a commercial purpose.
It is provided 'as-is', without any express or implied warranty of fitness
for any particular purpose or operability in production-grade environments.

Architecture

The tool comprises 2 kernel-space C BPF programs (the TC part to intercept
outbound DNS requests and the XDP part to intercept the responses) as well
as the user-space agent in Rust to load and configure the kernel component.
While the BPF programs aim at handling concurrency properly (to manage the
shared state of transactions), this implementation is wittingly unreliable.

The agent reads a configuration file in TOML format to acquire the list of
uplink resolvers as well as the (optional) 'virtual' resolver to which the
L7 application will send its requests to be matched and address-translated.
The remaining parameters are the network interface name and the timeout of
any given DNS transaction 'in flight' in milliseconds, defaulting to 10000.

The tool uses a shared map between the kernel- and user-space to configure
the BPF component and in order to display the current scoreboard on demand.

Building & Running

# (lightly tested on Debian 13.2.0 Xfce LIVE)

sudo apt update
sudo apt install --no-install-recommends --yes cargo clang libelf-dev pkg-config
git clone https://github.com/ivanmtech/rust-bee-ns
cd rust-bee-ns
cargo build
sudo ./target/debug/rust-bee-ns --agent

Running a Smoke Test and Observing the Scoreboard

# (in another terminal window)
sudo apt install --no-install-recommends --yes dnsutils
./example--query.py

# (in yet another terminal window)
watch -n 1 "sudo ./target/debug/rust-bee-ns"

Scoreboard Example

208.67.222.222  : 0
9.9.9.9         : 3
8.8.8.8         : 4

Contact Information

LinkedIn: https://am.linkedin.com/in/ivanmtech
Website: https://ivanmtech.com/
E-mail: ivanmtech@outlook.com

About

eBPF-powered DNS racer with a Rust userland agent

Topics

c dns rust linux-kernel ebpf xdp systems-programming

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages