X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=djbdns%2Fdnscache.py;h=785121b65d0541d04005654ebf0c59a7a7144dd7;hb=c965f2fea1788a7faba2c67a4f05c27d5c34373b;hp=ff1e4da66490aa27187710fe92168fb641259b31;hpb=d0b0eaf76d414da4b32313db94c1e38f29c0da60;p=djbdns-logparse.git diff --git a/djbdns/dnscache.py b/djbdns/dnscache.py index ff1e4da..785121b 100644 --- a/djbdns/dnscache.py +++ b/djbdns/dnscache.py @@ -171,6 +171,39 @@ def decode_serial(words : list, i : int): words[i] = f"#{words[i]}" def decode_type(words : list, i : int): + r""" + Helper function to decode the type field in a dnscache log + entry. + + A single "type" field is present in cached, nodata, query, rr, and + tx entries. Unlike with tinydns entries, dnscache logs have + this field already in decimal, so we just look up the + corresponding name in the query type map. + + Parameters + ---------- + + words : list + A list with the "type" string at index ``i`` + + i : int + The index of the type field within ``words`` + + Returns + ------- + + Nothing; the ``i``th entry in the ``words`` list is modified + in-place. + + Examples + -------- + + >>> words = ["2", "7f000001:b848:0f0b", "16", "example.com."] + >>> decode_type(words, 2) + >>> words + ['2', '7f000001:b848:0f0b', 'txt', 'example.com.'] + + """ qt = words[i] words[i] = query_type.get(int(qt), qt) @@ -254,9 +287,11 @@ def handle_dnscache_log(line : str) -> Optional[str]: decode_ttl(words, 1) if words[2] not in ("cname", "mx", "ns", "ptr", "soa"): decode_type(words, 2) - if words[2] == "a": # decode answer to an A query + if words[2] == "a": + # Decode the response to an 'A' query decode_ip(words, 4) - if words[2] == "txt": # text record + if words[2] == "txt": + # Decode the TXT record's data from hex to ASCII. response = words[4] if response.endswith("..."): ellipsis = "..."