commit b76c294b7b10e17d74a888584285b84ef6b0cd07 Author: Arturo Filastò arturo@filasto.net Date: Mon Oct 8 06:49:09 2012 +0000
Final touches to DNSTamper. * Should now be ready for use --- nettests/core/dnstamper.py | 24 +++++++++++++++++++----- 1 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/nettests/core/dnstamper.py b/nettests/core/dnstamper.py index 58299da..d84c408 100644 --- a/nettests/core/dnstamper.py +++ b/nettests/core/dnstamper.py @@ -20,6 +20,7 @@ from ooni import nettest from ooni.utils import log from twisted.internet import defer from twisted.names import client +from twisted.names.error import DNSQueryRefusedError
class DNSTamperTest(nettest.TestCase):
@@ -50,6 +51,7 @@ class DNSTamperTest(nettest.TestCase): self.test_a_lookups = {} self.control_a_lookups = []
+ self.control_reverse = None self.test_reverse = {}
if not self.localOptions['testresolvers']: @@ -104,6 +106,7 @@ class DNSTamperTest(nettest.TestCase): def ptr_lookup_error(self, failure, resolver): #def ptr_lookup_error(self, *arg, **kw): print "There was an error in PTR lookup %s" % resolver + print failure if resolver == 'control': self.report['control_reverse'] = None else: @@ -111,10 +114,17 @@ class DNSTamperTest(nettest.TestCase):
def a_lookup_error(self, failure, resolver): print "There was an error in A lookup %s" % resolver + + if failure.type is DNSQueryRefusedError: + self.report['tampering'][resolver] = 'connection-refused' + elif failure.type is defer.TimeoutError: + self.report['tampering'][resolver] = 'timeout' + if resolver == 'control': self.report['control_lookup'] = None else: self.report['test_lookups'][resolver] = None + self.test_a_lookups[resolver] = None
def createResolver(self, servers): print "Creating resolver %s" % servers @@ -128,7 +138,7 @@ class DNSTamperTest(nettest.TestCase): resolver = [(self.localOptions['controlresolver'], 53)] res = client.createResolver(servers=resolver, resolvconf='')
- control_r = res.lookupAddress(hostname) + control_r = res.lookupAddress(hostname, timeout=[1]) control_r.addCallback(self.process_a_answers, 'control') control_r.addErrback(self.a_lookup_error, 'control')
@@ -138,7 +148,7 @@ class DNSTamperTest(nettest.TestCase): res = client.createResolver(servers=resolver, resolvconf='') #res = self.createResolver(servers=resolver)
- d = res.lookupAddress(hostname) + d = res.lookupAddress(hostname, timeout=[1]) d.addCallback(self.process_a_answers, test_resolver) d.addErrback(self.a_lookup_error, test_resolver) list_of_ds.append(d) @@ -184,20 +194,24 @@ class DNSTamperTest(nettest.TestCase): def compare_results(self, *arg, **kw): print "Comparing results for %s" % self.input print self.test_a_lookups + for test, test_a_lookups in self.test_a_lookups.items(): - self.report['tampering'][test] = 'unknown' + print "Now doing %s | %s" % (test, test_a_lookups) if not test_a_lookups: - self.report['tampering'][test] = 'no-result' continue + if set(test_a_lookups) & set(self.control_a_lookups): + print "IN here t0" # Address has not tampered with on DNS server self.report['tampering'][test] = False
- elif set([self.control_reverse]) & set([self.report['test_reverse'][test]]): + elif self.control_reverse and set([self.control_reverse]) & set([self.report['test_reverse'][test]]): + print "Noboar" # Further testing has eliminated false positives self.report['tampering'][test] = 'reverse-match'
else: + print "FOOBAR!" # Reverse DNS on the results returned by returned # which does not match the expected domainname self.report['tampering'][test] = True