DNS数据包格式错误

Question

I have a small python script that acts as a proxy. 我有一个小的python脚本充当代理。 Everything seems to be working fine with the script except for DNS requests. 除DNS请求外，其他脚本似乎一切正常。 When a DNS request is received by my script I preform the request and then forward the response back to original user who made the DNS request. 当我的脚本收到DNS请求时，我会执行请求，然后将响应转发回发出DNS请求的原始用户。 However when the one originating the DNS request gets the response it's considered to be malformed. 但是，当发起DNS请求的请求获得响应时，它被认为是格式错误的。 I know there were DNS issues with older versions of scapy, so I updated to scapy 2.3.1 but still have problems. 我知道scapy的较早版本存在DNS问题，因此我更新到scapy 2.3.1，但仍然有问题。

#!/usr/bin/env python

from tornado.websocket import WebSocketHandler
from tornado.httpserver import HTTPServer
from tornado.web import Application
from tornado.ioloop import IOLoop

from collections import defaultdict
from scapy.all import *
import threading

# Warning: Not thread-safe.
# Dictionary mapping (outbound.dst, outbound.dport) -> count of IP packets awaiting reply
outbound_packets = defaultdict(int)
outbound_udp = defaultdict(int)
connection = None

class PacketSniffer(threading.Thread):
    def __init__(self):
        threading.Thread.__init__(self) 

    def run(self):
        global connection
        while (True):
            pkt = sniff(iface="eth0", count=1)

            if pkt[0].haslayer(IP):
              pkt = pkt[0][IP]

              if outbound_packets[(pkt.src, pkt.sport)] > 0:
                  outbound_packets[(pkt.src, pkt.sport)] -= 1


                  if pkt[0].haslayer(UDP):
                    # Modify the destination address back to the address of the TUN on the host.
                    pkt.dst = "10.0.0.1"

                    try:
                      del pkt[UDP].chksum
                      del pkt[IP].chksum
                      pkt.show2() # Force recompute the checksum
                    except IndexError:
                      print "error deleting"

                    if connection:
                        connection.write_message(str(pkt).encode('base64'))


                  elif pkt[0].haslayer(TCP):
                    print "TCP packet"
                    # Modify the destination address back to the address of the TUN on the host.        
                    pkt.dst = "10.0.0.1"
                    try:
                      del pkt[TCP].chksum
                      del pkt[IP].chksum
                      pkt.show2() # Force recompute the checksum
                    except IndexError:
                      print "error deleting"

                    if connection:
                        connection.write_message(str(pkt).encode('base64'))

I'm no DNS expert but from what I can tell the response has Answer RRs: 2 but looking at the actual DNS answers I only see 1 entry. 我不是DNS专家，但据我所知，响应具有Answer RRs: 2但查看实际的DNS答复，我仅看到1项。 Is it safe to assume the Answer RRs value should match the number of actual answers? 假设Answer RRs值应与实际答案的数量相匹配是否安全？ If this is the case, any idea how/why answers are being removed from the DNS entry? 如果是这种情况，是否知道如何/为什么从DNS条目中删除答案？

在此处输入图片说明

Answer 1

Scapy issue 913 and issue 5105 discuss this problem and ultimately led me to pull request 18 and pull request 91 which fixed the problem. Scapy 问题913和问题5105讨论了此问题，最终使我提出了解决问题的请求18和请求91 。

When I applied these to Scapy 2.2.0 (not 2.3.1) line numbers didn't entirely match but it was obvious where things went. 当我将这些应用于Scapy 2.2.0（而非2.3.1）时，行号并不完全匹配，但是很明显，行进去了。 I found and entered 18 first, but 91 by itself may be enough to fix the problem. 我发现并首先输入18，但是仅靠91即可解决问题。

DNS数据包格式错误

问题描述

1 个解决方案

解决方案1
0 2015-08-05 12:04:46

DNS数据包格式错误

问题描述

1 个解决方案

解决方案1 0 2015-08-05 12:04:46

解决方案1
0 2015-08-05 12:04:46