X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=djbdns%2Fdnscache.py;h=0d9de08592c903967ce988f355a798086661fd5d;hb=d73740c3a7d3696aaf7f3d677f83654cbd4b3583;hp=ff1e4da66490aa27187710fe92168fb641259b31;hpb=d0b0eaf76d414da4b32313db94c1e38f29c0da60;p=djbdns-logparse.git
diff --git a/djbdns/dnscache.py b/djbdns/dnscache.py
index ff1e4da..0d9de08 100644
--- a/djbdns/dnscache.py
+++ b/djbdns/dnscache.py
@@ -1,9 +1,11 @@
-from re import compile
+# Don't clobber the global compile() with a named import.
+import re
+
 from typing import Optional
 from djbdns.common import *
 # The regex to match dnscache log lines.
-dnscache_log_re = compile(fr'({timestamp_pat}) (\w+)(.*)')
+dnscache_log_re = re.compile(fr'({timestamp_pat}) (\w+)(.*)')
 def decode_client(words : list, i : int):
@@ -171,6 +173,39 @@ def decode_serial(words : list, i : int):
 words[i] = f"#{words[i]}"
 def decode_type(words : list, i : int):
+ r"""
+ Helper function to decode the type field in a dnscache log
+ entry.
+
+ A single "type" field is present in cached, nodata, query, rr, and
+ tx entries. Unlike with tinydns entries, dnscache logs have
+ this field already in decimal, so we just look up the
+ corresponding name in the query type map.
+
+ Parameters
+ ----------
+
+ words : list
+ A list with the "type" string at index ``i``
+
+ i : int
+ The index of the type field within ``words``
+
+ Returns
+ -------
+
+ Nothing; the ``i``th entry in the ``words`` list is modified
+ in-place.
+
+ Examples
+ --------
+
+ >>> words = ["2", "7f000001:b848:0f0b", "16", "example.com."]
+ >>> decode_type(words, 2)
+ >>> words
+ ['2', '7f000001:b848:0f0b', 'txt', 'example.com.']
+
+ """
 qt = words[i]
 words[i] = query_type.get(int(qt), qt)
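Review bot: The wildcard `from djbdns.common import *` two lines below the new `import re` can still rebind module-level names, which is the problem the new comment sets out to avoid. If `djbdns/common.py` (not shown here) defines no `__all__`, every public name it imports or defines lands in this namespace after `re` is bound, so a `compile` or `re` coming from there would win. Importing the names explicitly, for example `from djbdns.common import query_type, timestamp_pat` extended with whatever else this module takes from there, keeps the namespace predictable; those two names are presumably the ones the visible code gets from `common`.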
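Review bot: The new docstring for `decode_type` documents only the successful lookup; it omits that `int(qt)` raises `ValueError` when the field is not decimal, and that a number missing from `query_type` is left in place unchanged. A truncated or corrupted log line would hit the first case, and whether the caller catches it is not visible in this hunk. I would add a `Raises` section naming `ValueError`, plus a second doctest that calls `decode_type(words, 2)` on a type number absent from the map and shows the entry staying as it was.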
@@ -254,9 +289,11 @@ def handle_dnscache_log(line : str) -> Optional[str]:
 decode_ttl(words, 1)
 if words[2] not in ("cname", "mx", "ns", "ptr", "soa"):
 decode_type(words, 2)
- if words[2] == "a": # decode answer to an A query
+ if words[2] == "a":
+ # Decode the response to an 'A' query
 decode_ip(words, 4)
- if words[2] == "txt": # text record
+ if words[2] == "txt":
+ # Decode the TXT record's data from hex to ASCII.
 response = words[4]
 if response.endswith("..."):
 ellipsis = "..."
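Review bot: The new comment on the `txt` branch says the data is decoded "from hex to ASCII" but not what happens to bytes that are not printable ASCII, and TXT record contents are chosen by whoever operates the remote zone. The decoding itself continues past the end of this hunk, so this cannot be checked here; if it passes such bytes through unchanged, control characters and terminal escape sequences would reach whatever displays the parsed log. I would extend the comment to state the guarantee, e.g. `# Decode the TXT record's data from hex; non-printable bytes are escaped, not emitted raw.`, and make the code match if it does not already.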