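def handle_packet(nfqueue_element):
    """Issue exactly one verdict for a queued packet, dropping forged DNS answers.

    The payload is parsed as IP, and its UDP data as DNS. If
    ``contains_wrong_answer`` flags the DNS message, the packet is dropped
    and a "dns hijacking" jamming event is recorded. Otherwise it is accepted
    and ``dns_service_status.last_activity_at`` is refreshed.

    The filter fails open: a payload that cannot be parsed, or any other
    error raised before a verdict is issued, results in ``accept()``. This
    keeps name resolution working, but it also means the check is best
    effort. A packet the parser rejects is never inspected.

    Args:
        nfqueue_element: queue entry exposing ``get_payload()``, ``accept()``
            and ``drop()``.
    """
    # Tracks whether accept()/drop() has already been called, so the error
    # path never issues a second verdict or overturns a drop.
    verdict_issued = False
    try:
        ip_packet = dpkt.ip.IP(nfqueue_element.get_payload())
        dns_packet = dpkt.dns.DNS(ip_packet.udp.data)
        questions = [question for question in dns_packet.qd if question.type == dpkt.dns.DNS_A]
        # Name of the first A question; used in the hijacking record below.
        dns_packet.domain = questions[0].name if questions else None
        if contains_wrong_answer(dns_packet):
            # Drop before logging: a failure while formatting or recording
            # the event must not let the forged answer through.
            # After the fake packet is dropped, the real answer can be
            # accepted by the client.
            nfqueue_element.drop()
            verdict_issued = True
            LOGGER.debug('drop fake dns packet: %s' % repr(dns_packet))
            jamming_event.record('%s: dns hijacking' % dns_packet.domain)
            return
        nfqueue_element.accept()
        verdict_issued = True
        dns_service_status.last_activity_at = time.time()
    except Exception:
        # Ordinary failures are logged and swallowed. KeyboardInterrupt,
        # SystemExit and similar are left to propagate.
        LOGGER.exception('failed to handle packet')
    finally:
        # Fail open only when no verdict was reached, so a packet is never
        # left pending in the queue, even while an exception propagates.
        if not verdict_issued:
            nfqueue_element.accept()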
def record_jamming_event(ip, event):
    """Log a jamming event for *ip* and hand it to ``jamming_event.record``.

    The recorded text is ``"<domain>: <ip> <event>"``, where the domain comes
    from ``dns_service.get_domain(ip)`` and falls back to ``'unknown.com'``
    when that lookup returns a falsy value.

    Args:
        ip: address the event relates to.
        event: short description of what was observed.
    """
    domain = dns_service.get_domain(ip)
    if not domain:
        domain = 'unknown.com'
    message = '%s: %s %s' % (domain, ip, event)
    LOGGER.error('jamming event: %s' % message)
    jamming_event.record(message)