hub / github.com/safing/portmaster / inspectDNSPacket

Function inspectDNSPacket

service/firewall/packet_handler.go:655–745  ·  view source on GitHub ↗
(conn *network.Connection, pkt packet.Packet)

Source from the content-addressed store, hash-verified

653}
654
655func inspectDNSPacket(conn *network.Connection, pkt packet.Packet) {
656 // Ignore info-only packets in this handler.
657 if pkt.InfoOnly() {
658 return
659 }
660
661 dnsPacket := new(dns.Msg)
662 err := pkt.LoadPacketData()
663 if err != nil {
664 _ = pkt.Block()
665 log.Errorf("filter: failed to load packet payload: %s", err)
666 return
667 }
668
669 // Parse and block invalid packets.
670 err = dnsPacket.Unpack(pkt.Payload())
671 if err != nil {
672 err = pkt.PermanentBlock()
673 if err != nil {
674 log.Errorf("filter: failed to block packet: %s", err)
675 }
676 _ = conn.SetVerdict(network.VerdictBlock, "none DNS data on DNS port", "", nil)
677 conn.VerdictPermanent = true
678 conn.Save()
679 return
680 }
681
682 // Packet was parsed.
683 // Allow it but only after the answer was added to the cache.
684 defer func() {
685 err = pkt.Accept()
686 if err != nil {
687 log.Errorf("filter: failed to accept dns packet: %s", err)
688 }
689 }()
690
691 // Check if packet has a question.
692 if len(dnsPacket.Question) == 0 {
693 return
694 }
695
696 // Read create structs with the needed data.
697 question := dnsPacket.Question[0]
698 fqdn := dns.Fqdn(question.Name)
699
700 // Check for compat check dns request.
701 if strings.HasSuffix(fqdn, compat.DNSCheckInternalDomainScope) {
702 subdomain := strings.TrimSuffix(fqdn, compat.DNSCheckInternalDomainScope)
703 _ = compat.SubmitDNSCheckDomain(subdomain)
704 log.Infof("packet_handler: self-check domain received")
705 // No need to parse the answer.
706 return
707 }
708
709 // Check if there is an answer.
710 if len(dnsPacket.Answer) == 0 {
711 return
712 }

Callers 1

filterHandlerFunction · 0.85

Calls 13

ErrorfFunction · 0.92
SubmitDNSCheckDomainFunction · 0.92
InfofFunction · 0.92
UpdateIPsAndCNAMEsFunction · 0.85
SetVerdictMethod · 0.80
InfoOnlyMethod · 0.65
LoadPacketDataMethod · 0.65
BlockMethod · 0.65
PayloadMethod · 0.65
PermanentBlockMethod · 0.65
SaveMethod · 0.65
AcceptMethod · 0.65

Tested by

no test coverage detected