How to use tc_redirect to reroute all dns queries to a custom dns server? #1

Open
gouravkrosx opened this issue Oct 22, 2023 · 2 comments

Comments

@gouravkrosx

I have a specific use case in which I need to reroute DNS queries for a particular process ID (PID) to my DNS server. This DNS server will return a custom IP address associated with my proxy server, which is running within the same program as the DNS server. In this setup, both the DNS and TCP proxy servers share the same IP address. My goal is to direct all traffic from this particular PID through the proxy so that I can monitor the outbound requests and responses. From the proxy, I will then establish connections to the actual destination servers.

Previously, I relied on 'cgroup/connect4' to redirect all UDP DNS queries to my DNS server. This method worked well until I discovered that on older Debian distributions like Bullseye and Buster, 'cgroup/connect4' does not handle DNS UDP calls.

That's when I came across your library, which seemed promising for my use case.

To illustrate my scenario further, I have three containers:

- Application container
- Database container
- Proxy container

I need to somehow override the Docker DNS server with my own server to achieve my objective. This means redirecting the IP address associated with the database container's name used in the application container to my DNS server present in the Proxy container. I believe your library can address my needs, but I've encountered some issues in its usage.

The problem I'm facing with your library is that, when I attempt to set up Docker without eBPF, and I listen in the server container using 'nc -l 30100' and try to connect from the client container using 'nc 192.168.1.5 30100,' it appears that the traffic doesn't reach the server (though the router can still reach it using the same 'nc 192.168.1.5 30100' command).

Could you explain what specific changes will be visible when I run the eBPF program? I was able to compile the program successfully, and there doesn't appear to be any errors or issues preventing it from attaching and enabling the filter. However, I'm unsure about how it functions, as I have concerns about whether the hooks are released.

I would greatly appreciate it if you could clarify these doubts so that I can effectively use your library for my use case. Additionally, please confirm whether it is possible to achieve my objective with your library, as I need not only IP redirection but also port redirection, similar to what I was doing with 'cgroup/connect4.'

Your assistance is invaluable, especially as I am relatively new to eBPF.

@fedepaol
Owner

> I have a specific use case in which I need to reroute DNS queries for a particular process ID (PID) to my DNS server. This DNS server will return a custom IP address associated with my proxy server, which is running within the same program as the DNS server. In this setup, both the DNS and TCP proxy servers share the same IP address. My goal is to direct all traffic from this particular PID through the proxy so that I can monitor the outbound requests and responses. From the proxy, I will then establish connections to the actual destination servers.
>
> Previously, I relied on 'cgroup/connect4' to redirect all UDP DNS queries to my DNS server. This method worked well until I discovered that on older Debian distributions like Bullseye and Buster, 'cgroup/connect4' does not handle DNS UDP calls.
>
> That's when I came across your library, which seemed promising for my use case.

Please note it is an example, not a library. Also, this example shows how to redirect the traffic to a different NIC, not to a completely different destination IP (even though I think it shouldn't be hard to modify it).

> To illustrate my scenario further, I have three containers:
>
> - Application container
> - Database container
> - Proxy container
>
> I need to somehow override the Docker DNS server with my own server to achieve my objective. This means redirecting the IP address associated with the database container's name used in the application container to my DNS server present in the Proxy container. I believe your library can address my needs, but I've encountered some issues in its usage.
>
> The problem I'm facing with your library is that, when I attempt to set up Docker without eBPF, and I listen in the server container using 'nc -l 30100' and try to connect from the client container using 'nc 192.168.1.5 30100,' it appears that the traffic doesn't reach the server (though the router can still reach it using the same 'nc 192.168.1.5 30100' command).

Just use tcpdump to see where the traffic is lost.

> Could you explain what specific changes will be visible when I run the eBPF program? I was able to compile the program successfully, and there doesn't appear to be any errors or issues preventing it from attaching and enabling the filter. However, I'm unsure about how it functions, as I have concerns about whether the hooks are released.

IIRC, you should see the program loaded either with ip link show ... or using bpftool.
If you don't know if it's working, try to add some bpf_trace_printks to see if it is intercepting packets, and which ones.

> I would greatly appreciate it if you could clarify these doubts so that I can effectively use your library for my use case. Additionally, please confirm whether it is possible to achieve my objective with your library, as I need not only IP redirection but also port redirection, similar to what I was doing with 'cgroup/connect4.'

Again, this is not a library, and it does not do any IP redirection. The dst IP remains the same; it just goes out via a different interface.

> Your assistance is invaluable, especially as I am relatively new to eBPF.
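
The reply above suggests logging which packets the tc program intercepts. As an added example (not code from this repository), the plain C function below shows the bounds-checked match a tc classifier would need in order to single out IPv4 UDP packets sent to port 53 before logging or redirecting them. It is written for user space so it runs directly; `classify_dns`, `struct dns_hit` and the sample frame are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields worth logging for each matched packet (hypothetical struct). */
struct dns_hit {
    uint32_t saddr, daddr;   /* IPv4 addresses, host byte order */
    uint16_t sport, dport;   /* UDP ports, host byte order */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns 1 and fills *hit for an IPv4/UDP packet to port 53 (first or only
 * fragment); returns 0 for anything else, including truncated frames.
 * Every read follows a length check, mirroring the data_end checks the
 * eBPF verifier requires in a tc program. */
int classify_dns(const uint8_t *data, size_t len, struct dns_hit *hit)
{
    if (len < 14 || rd16(data + 12) != 0x0800) return 0;   /* not ETH_P_IP */
    const uint8_t *ip = data + 14;
    size_t left = len - 14;
    if (left < 20 || (ip[0] >> 4) != 4) return 0;          /* not IPv4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;               /* header may carry options */
    if (ihl < 20 || left < ihl + 8 || ip[9] != 17) return 0; /* 17 = IPPROTO_UDP */
    if (rd16(ip + 6) & 0x1fff) return 0;                   /* later fragment: no UDP header */
    const uint8_t *udp = ip + ihl;
    if (rd16(udp + 2) != 53) return 0;                     /* destination port is not DNS */
    hit->saddr = rd32(ip + 12);
    hit->daddr = rd32(ip + 16);
    hit->sport = rd16(udp);
    hit->dport = 53;
    return 1;
}

/* Constructed sample frame: 172.18.0.2:40000 -> 127.0.0.11:53, UDP, no payload. */
static const uint8_t SAMPLE[] = {
    2,0,0,0,0,1,  2,0,0,0,0,2,  0x08,0x00,                 /* dst MAC, src MAC, EtherType */
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x40,0x00, 0x40,0x11,0x00,0x00,
    172,18,0,2,  127,0,0,11,                               /* source and destination IP */
    0x9c,0x40, 0x00,0x35, 0x00,0x08, 0x00,0x00             /* UDP header */
};

int main(void)
{
    struct dns_hit h;
    if (classify_dns(SAMPLE, sizeof SAMPLE, &h))
        printf("dns %08x:%u -> %08x:%u\n", (unsigned)h.saddr, (unsigned)h.sport,
               (unsigned)h.daddr, (unsigned)h.dport);
    return 0;
}
```

In a tc program the same checks are made against `data` and `data_end` from the socket buffer context, and the matched fields are what a trace print would report.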

@gouravkrosx
Author

I appreciate the detailed explanation, and I'll certainly implement your suggestions.
