So it looks like TCP DNS doesn't work

pathspider/chains/dns.py

@@ -60,7 +60,10 @@ def tcp(self, rec, tcp, rev):
         :rtype: bool
         """
 
-        return self._dns_response(rec, tcp, rev)
+        if tcp.payload is not None:
+            return self._dns_response(rec, tcp.payload, rev)
+        else:
+            return True
 
     def udp(self, rec, udp, rev):
         """
@@ -82,14 +85,14 @@ def udp(self, rec, udp, rev):
         :rtype: bool
         """
 
-        return self._dns_response(rec, udp, rev)
+        return self._dns_response(rec, udp.payload, rev)
 
-    def _dns_response(self, rec, l4, rev):
+    def _dns_response(self, rec, payload, rev):
         try:
             from pldns import ldns # pylint: disable=E0611
 
             if rev is True:
-                dns = ldns(l4.payload)
+                dns = ldns(payload)
                 if dns.is_ok():
                     if dns.is_response:
                         rec['dns_response_valid'] = True

pathspider/tests/test_chain_dns.py

@@ -19,6 +19,22 @@ def test_chain_dns_valid_response(self):
         for key in expected_dns:
             assert flows[0][key] == expected_dns[key]
 
+    def test_chain_dns_valid_response_tcp(self):
+        test_trace = "dns_valid_response_tcp.pcap"
+        self.create_observer(test_trace, [DNSChain])
+
+        expected_dns = {
+            'dns_response_valid': True,
+        }
+
+        flows = self.run_observer()
+        assert len(flows) == 1
+
+        print(flows)
+
+        for key in expected_dns:
+            assert flows[0][key] == expected_dns[key]
+
     def test_chain_dns_no_response(self):
         test_trace = "dns_no_response.pcap"
         self.create_observer(test_trace, [DNSChain])