Skip to content

domain_cache

domain_cache

IP-to-domain reverse lookup from the dnsmasq query log.

Parses reply / cached lines to build a mapping from resolved IPs to their domain names. Used by shield watch and the interactive session for NFLOG event enrichment.

DomainCache(state_dir)

IP-to-domain reverse lookup cache.

Initialise with the dnsmasq log path derived from state_dir.

Source code in src/terok_shield/lib/watchers/domain_cache.py 
24
25
26
27
def __init__(self, state_dir: Path) -> None:
    """Initialise with the dnsmasq log path derived from *state_dir*."""
    self._log_path = state.dnsmasq_log_path(state_dir)
    self._mapping: dict[str, str] = {}

lookup(ip)

Return the cached domain for ip, or empty string if unknown.

Source code in src/terok_shield/lib/watchers/domain_cache.py 
29
30
31
def lookup(self, ip: str) -> str:
    """Return the cached domain for *ip*, or empty string if unknown."""
    return self._mapping.get(ip, "")

refresh()

Reload the IP-to-domain mapping from the dnsmasq query log.

On OSError the previous cache is preserved.

Source code in src/terok_shield/lib/watchers/domain_cache.py 
33
34
35
36
37
38
39
40
41
42
43
44
45
46
def refresh(self) -> None:
    """Reload the IP-to-domain mapping from the dnsmasq query log.

    On ``OSError`` the previous cache is preserved.
    """
    try:
        text = self._log_path.read_text()
    except OSError:
        return
    mapping: dict[str, str] = {}
    for m in _REPLY_RE.finditer(text):
        domain, ip = m.group(1), m.group(2)
        mapping[ip] = domain.lower().rstrip(".")
    self._mapping = mapping