diff options
Diffstat (limited to '')
17 files changed, 2124 insertions, 0 deletions
diff --git a/external/unbound/pythonmod/doc/_static/readme b/external/unbound/pythonmod/doc/_static/readme new file mode 100644 index 000000000..db676aebb --- /dev/null +++ b/external/unbound/pythonmod/doc/_static/readme @@ -0,0 +1 @@ +this directory exists to pacify sphinx-build. diff --git a/external/unbound/pythonmod/doc/conf.py b/external/unbound/pythonmod/doc/conf.py new file mode 100644 index 000000000..bc7a5aba6 --- /dev/null +++ b/external/unbound/pythonmod/doc/conf.py @@ -0,0 +1,179 @@ +# -*- coding: utf-8 -*- +# +# Unbound scripting interface documentation build configuration file +# +# This file is execfile()d with the current directory set to its containing dir. +# +# The contents of this file are pickled, so don't put values in the namespace +# that aren't pickleable (module imports are okay, they're removed automatically). +# +# All configuration values have a default value; values that are commented out +# serve to show the default value. + +import sys, os + +# If your extensions are in another directory, add it here. If the directory +# is relative to the documentation root, use os.path.abspath to make it +# absolute, like shown here. +sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__),'../..'))) +#print sys.path + +# General configuration +# --------------------- + +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest'] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The master toctree document. +master_doc = 'index' + +# General substitutions. +project = 'Unbound scriptable interface' +copyright = '2009, Zdenek Vasicek, Marek Vavrusa' + +# The default replacements for |version| and |release|, also used in various +# other places throughout the built documents. +# +# The short X.Y version. +version = '1.0' +# The full version, including alpha/beta/rc tags. +release = '1.0.0' + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +today_fmt = '%B %d, %Y' + +# List of documents that shouldn't be included in the build. +#unused_docs = [] + +# List of directories, relative to source directories, that shouldn't be searched +# for source files. +#exclude_dirs = [] + +# The reST default role (used for this markup: `text`) to use for all documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + + +# Options for HTML output +# ----------------------- + +# The style sheet to use for HTML and HTML Help pages. A file of that name +# must exist either in Sphinx' static/ path, or in one of the custom paths +# given in html_static_path. +html_style = 'default.css' + +# The name for this set of Sphinx documents. If None, it defaults to +# "<project> v<release> documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (within the static path) to place at the top of +# the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +html_use_modindex = False + +# If false, no index is generated. +html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, the reST sources are included in the HTML build as _sources/<name>. +html_copy_source = False + +# If true, an OpenSearch description file will be output, and all pages will +# contain a <link> tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = '' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'unbound_interface' + + +# Options for LaTeX output +# ------------------------ + +# The paper size ('letter' or 'a4'). +#latex_paper_size = 'letter' + +# The font size ('10pt', '11pt' or '12pt'). +#latex_font_size = '10pt' + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, document class [howto/manual]). +latex_documents = [ + ('index', 'Unbound_interface.tex', 'Unbound scriptable interface', + 'Zdenek Vasicek, Marek Vavrusa', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# Additional stuff for the LaTeX preamble. +#latex_preamble = '' + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_use_modindex = True diff --git a/external/unbound/pythonmod/doc/examples/example0-1.py b/external/unbound/pythonmod/doc/examples/example0-1.py new file mode 100644 index 000000000..3b234f1e0 --- /dev/null +++ b/external/unbound/pythonmod/doc/examples/example0-1.py @@ -0,0 +1,34 @@ + +def init(id, cfg): + log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) + return True + +def deinit(id): + log_info("pythonmod: deinit called, module id is %d" % id) + return True + +def inform_super(id, qstate, superqstate, qdata): + return True + +def operate(id, event, qstate, qdata): + log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event))) + + if event == MODULE_EVENT_NEW: + qstate.ext_state[id] = MODULE_WAIT_MODULE + return True + + if event == MODULE_EVENT_MODDONE: + log_info("pythonmod: module we are waiting for is done") + qstate.ext_state[id] = MODULE_FINISHED + return True + + if event == MODULE_EVENT_PASS: + log_info("pythonmod: event_pass") + qstate.ext_state[id] = MODULE_ERROR + return True + + log_err("pythonmod: BAD event") + qstate.ext_state[id] = MODULE_ERROR + return True + +log_info("pythonmod: script loaded.") diff --git a/external/unbound/pythonmod/doc/examples/example0.rst b/external/unbound/pythonmod/doc/examples/example0.rst new file mode 100644 index 000000000..80eca5ea6 --- /dev/null +++ b/external/unbound/pythonmod/doc/examples/example0.rst @@ -0,0 +1,129 @@ +.. _example_handler: + +Fundamentals +================ + +This basic example shows how to create simple python module which will pass on the requests to the iterator. + +How to enable python module +---------------------------- +If you look into unbound configuration file, you can find the option `module-config` which specifies the names and the order of modules to be used. +Example configuration:: + + module-config: "validator python iterator" + +As soon as the DNS query arrives, Unbound calls modules starting from leftmost - the validator *(it is the first module on the list)*. +The validator does not know the answer *(it can only validate)*, thus it will pass on the event to the next module. +Next module is python which can + + a) generate answer *(response)* + When python module generates the response unbound calls validator. Validator grabs the answer and determines the security flag. + + b) pass on the event to the iterator. + When iterator resolves the query, Unbound informs python module (event :data:`module_event_moddone`). In the end, when the python module is done, validator is called. + +Note that the python module is called with :data:`module_event_pass` event, because new DNS event was already handled by validator. + +Another situation occurs when we use the following configuration:: + + module-config: "python validator iterator" + +Python module is the first module here, so it's invoked with :data:`module_event_new` event *(new query)*. + +On Python module initialization, module loads script from `python-script` option:: + + python-script: "/unbound/test/ubmodule.py" + +Simple python module step by step +--------------------------------- + +Script file must contain four compulsory functions: + +.. function:: init(id, cfg) + + Initialize module internals, like database etc. + Called just once on module load. + + :param id: module identifier (integer) + :param cfg: :class:`config_file` configuration structure + +:: + + def init(id, cfg): + log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script)) + return True + + +.. function:: deinit(id) + + Deinitialize module internals. + Called just once on module unload. + + :param id: module identifier (integer) + +:: + + def deinit(id): + log_info("pythonmod: deinit called, module id is %d" % id) + return True + + +.. function:: inform_super(id, qstate, superqstate, qdata) + + Inform super querystate about the results from this subquerystate. + Is called when the querystate is finished. + + :param id: module identifier (integer) + :param qstate: :class:`module_qstate` Query state + :param superqstate: :class:`pythonmod_qstate` Mesh state + :param qdata: :class:`query_info` Query data + +:: + + def inform_super(id, qstate, superqstate, qdata): + return True + + + +.. function:: operate(id, event, qstate, qdata) + + Perform action on pending query. Accepts a new query, or work on pending query. + + You have to set qstate.ext_state on exit. + The state informs unbound about result and controls the following states. + + :param id: module identifier (integer) + :param qstate: :class:`module_qstate` query state structure + :param qdata: :class:`query_info` per query data, here you can store your own data + +:: + + def operate(id, event, qstate, qdata): + log_info("pythonmod: operate called, id: %d, event:%s" % (id, strmodulevent(event))) + if event == MODULE_EVENT_NEW: + qstate.ext_state[id] = MODULE_WAIT_MODULE + return True + + if event == MODULE_EVENT_MODDONE: + qstate.ext_state[id] = MODULE_FINISHED + return True + + if event == MODULE_EVENT_PASS: + qstate.ext_state[id] = MODULE_ERROR + return True + + log_err("pythonmod: BAD event") + qstate.ext_state[id] = MODULE_ERROR + return True + + +Complete source code +-------------------- + +.. literalinclude:: example0-1.py + :language: python + +As you can see, the source code is much more flexible in contrast to C modules. +Moreover, compulsory functions called on appropriate module events allows to handle almost +anything from web control to query analysis. + diff --git a/external/unbound/pythonmod/doc/examples/example1.rst b/external/unbound/pythonmod/doc/examples/example1.rst new file mode 100644 index 000000000..b49e64409 --- /dev/null +++ b/external/unbound/pythonmod/doc/examples/example1.rst @@ -0,0 +1,42 @@ +.. _log_handler: + +Packet logger +========================= + +This example shows how to log and print details about query and response. +As soon as the ``iterator`` has finished (event is :data:`module_event_moddone`), ``qstate.return_msg`` contains response packet or ``None``. +This packet will be send to a client that asked for it. + +Complete source code +-------------------- + +.. literalinclude:: ../../examples/log.py + :language: python + +Testing +------------------ +Run the unbound server: + +``root@localhost>unbound -dv -c ./test-log.conf`` + +In case you use own configuration file, don't forget to enable python module: ``module-config: "validator python iterator"`` and use valid script path: ``python-script: "./examples/log.py"``. + +Example of output:: + + [1231790168] unbound[7941:0] info: response for <f.gtld-servers.NET. AAAA IN> + [1231790168] unbound[7941:0] info: reply from <gtld-servers.NET.> 192.5.6.31#53 + [1231790168] unbound[7941:0] info: query response was ANSWER + [1231790168] unbound[7941:0] info: pythonmod: operate called, id: 1, event:module_event_moddone + ---------------------------------------------------------------------------------------------------- + Query: f.gtld-servers.NET., type: AAAA (28), class: IN (1) + ---------------------------------------------------------------------------------------------------- + Return reply :: flags: 8080, QDcount: 1, Security:0, TTL=86400 + qinfo :: qname: ['f', 'gtld-servers', 'NET', ''] f.gtld-servers.NET., qtype: AAAA, qclass: IN + Reply: + 0 : ['gtld-servers', 'NET', ''] gtld-servers.NET. flags: 0000 type: SOA (6) class: IN (1) + 0 : TTL= 86400 + 0x00 | 00 3A 02 41 32 05 4E 53 54 4C 44 03 43 4F 4D 00 05 | . : . A 2 . N S T L D . C O M . . + 0x10 | 05 6E 73 74 6C 64 0C 76 65 72 69 73 69 67 6E 2D 67 | . n s t l d . v e r i s i g n - g + 0x20 | 67 72 73 03 43 4F 4D 00 77 74 2D 64 00 00 0E 10 00 | g r s . C O M . w t - d . . . . . + 0x30 | 00 00 03 84 00 12 75 00 00 01 51 80 | . . . . . . u . . . Q . + diff --git a/external/unbound/pythonmod/doc/examples/example2.rst b/external/unbound/pythonmod/doc/examples/example2.rst new file mode 100644 index 000000000..f00fcc239 --- /dev/null +++ b/external/unbound/pythonmod/doc/examples/example2.rst @@ -0,0 +1,46 @@ +Response generation +===================== + +This example shows how to handle queries and generate response packet. + +.. note:: + If the python module is the first module and validator module is enabled (``module-config: "python validator iterator"``), + a return_msg security flag has to be set at least to 2. Leaving security flag untouched causes that the + response will be refused by unbound worker as unbound will consider it as non-valid response. + +Complete source code +-------------------- + +.. literalinclude:: ../../examples/resgen.py + :language: python + +Testing +------- + +Run the unbound server: + +``root@localhost>unbound -dv -c ./test-resgen.conf`` + +Query for a A record ending with .localdomain + +``dig A test.xxx.localdomain @127.0.0.1`` + +Dig produces the following output:: + + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48426 + ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + + ;; QUESTION SECTION: + ;test.xxx.localdomain. IN A + + ;; ANSWER SECTION: + test.xxx.localdomain. 10 IN A 127.0.0.1 + + ;; Query time: 2 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Jan 01 12:46:02 2009 + ;; MSG SIZE rcvd: 54 + +As we handle (override) in python module only queries ending with "localdomain.", the unboud can still resolve host names. diff --git a/external/unbound/pythonmod/doc/examples/example3.rst b/external/unbound/pythonmod/doc/examples/example3.rst new file mode 100644 index 000000000..6213dc188 --- /dev/null +++ b/external/unbound/pythonmod/doc/examples/example3.rst @@ -0,0 +1,63 @@ +Response modification +===================== + +This example shows how to modify the response produced by the ``iterator`` module. + +As soon as the iterator module returns the response, we : + +1. invalidate the data in cache +2. modify the response *TTL* +3. rewrite the data in cache +4. return modified packet + +Note that the steps 1 and 3 are neccessary only in case, the python module is the first module in the processing chain. +In other cases, the validator module guarantees updating data which are produced by iterator module. + +Complete source code +-------------------- + +.. literalinclude:: ../../examples/resmod.py + :language: python + +Testing +------- + +Run Unbound server: + +``root@localhost>unbound -dv -c ./test-resmod.conf`` + +Issue a query for name ending with "nic.cz." + +``>>>dig A @127.0.0.1 www.nic.cz`` + +:: + + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48831 + ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5 + + ;; QUESTION SECTION: + ;www.nic.cz. IN A + + ;; ANSWER SECTION: + www.nic.cz. 10 IN A 217.31.205.50 + + ;; AUTHORITY SECTION: + nic.cz. 10 IN NS e.ns.nic.cz. + nic.cz. 10 IN NS a.ns.nic.cz. + nic.cz. 10 IN NS c.ns.nic.cz. + + ;; ADDITIONAL SECTION: + a.ns.nic.cz. 10 IN A 217.31.205.180 + a.ns.nic.cz. 10 IN AAAA 2001:1488:dada:176::180 + c.ns.nic.cz. 10 IN A 195.66.241.202 + c.ns.nic.cz. 10 IN AAAA 2a01:40:1000::2 + e.ns.nic.cz. 10 IN A 194.146.105.38 + + ;; Query time: 166 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Jan 02 13:39:43 2009 + ;; MSG SIZE rcvd: 199 + +As you can see, TTL of all the records is set to 10. diff --git a/external/unbound/pythonmod/doc/examples/example4.rst b/external/unbound/pythonmod/doc/examples/example4.rst new file mode 100644 index 000000000..6cc484797 --- /dev/null +++ b/external/unbound/pythonmod/doc/examples/example4.rst @@ -0,0 +1,164 @@ +DNS-based language dictionary +=============================== + +This example shows how to create a simple language dictionary based on **DNS** +service within 15 minutes. The translation will be performed using TXT resource records. + +Key parts +----------- + +Initialization +~~~~~~~~~~~~~~~~~~~~~~~ +On **init()** module loads dictionary from a text file containing records in ``word [tab] translation`` format. +:: + + def init(id, cfg): + log_info("pythonmod: dict init") + f = open("examples/dict_data.txt", "r") + ... + +The suitable file can be found at http://slovnik.zcu.cz + +DNS query and word lookup +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Let's define the following format od DNS queries: ``word1[.]word2[.] ... wordN[.]{en,cs}[._dict_.cz.]``. +Word lookup is done by simple ``dict`` lookup from broken DNS request. +Query name is divided into a list of labels. This list is accesible as qname_list attribute. +:: + + aword = ' '.join(qstate.qinfo.qname_list[0:-4]) #skip last four labels + adict = qstate.qinfo.qname_list[-4] #get 4th label from the end + + words = [] #list of words + if (adict == "en") and (aword in en_dict): + words = en_dict[aword] + + if (adict == "cs") and (aword in cz_dict): + words = cz_dict[aword] # CS -> EN + +In the first step, we get a string in the form: ``word1[space]word2[space]...word[space]``. +In the second assignment, fourth label from the end is obtained. This label should contains *"cs"* or *"en"*. +This label determines the direction of translation. + + +Forming of a DNS reply +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +DNS reply is formed only on valid match and added as TXT answer. +:: + + msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_TXT, RR_CLASS_IN, PKT_AA) + + for w in words: + msg.answer.append("%s 300 IN TXT \"%s\"" % (qstate.qinfo.qname_str, w.replace("\"", "\\\""))) + + if not msg.set_return_msg(qstate): + qstate.ext_state[id] = MODULE_ERROR + return True + + qstate.return_rcode = RCODE_NOERROR + qstate.ext_state[id] = MODULE_FINISHED + return True + +In the first step, a :class:`DNSMessage` instance is created for a given query *(type TXT)*. +The fourth argument specifies the flags *(authoritative answer)*. +In the second step, we append TXT records containing the translation *(on the right side of RR)*. +Then, the response is finished and ``qstate.return_msg`` contains new response. +If no error, the module sets :attr:`module_qstate.return_rcode` and :attr:`module_qstate.ext_state`. + +**Steps:** + +1. create :class:`DNSMessage` instance +2. append TXT records containing the translation +3. set response to ``qstate.return_msg`` + +Testing +------- + +Run the Unbound server: + +``root@localhost>unbound -dv -c ./test-dict.conf`` + +In case you use own configuration file, don't forget to enable Python module:: + + module-config: "validator python iterator" + +and use valid script path:: + + python-script: "./examples/dict.py" + +The translation from english word *"a bar fly"* to Czech can be done by doing: + +``>>>dig TXT @127.0.0.1 a.bar.fly.en._dict_.cz`` + +:: + + ; (1 server found) + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48691 + ;; flags: aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + + ;; QUESTION SECTION: + ;a.bar.fly.en._dict_.cz. IN TXT + + ;; ANSWER SECTION: + a.bar.fly.en._dict_.cz. 300 IN TXT "barov\253 povale\232" + + ;; Query time: 5 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Jan 01 17:44:18 2009 + ;; MSG SIZE rcvd: 67 + +``>>>dig TXT @127.0.0.1 nic.cs._dict_.cz`` +:: + + ; <<>> DiG 9.5.0-P2 <<>> TXT @127.0.0.1 nic.cs._dict_.cz + ; (1 server found) + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58710 + ;; flags: aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 + + ;; QUESTION SECTION: + ;nic.cs._dict_.cz. IN TXT + + ;; ANSWER SECTION: + nic.cs._dict_.cz. 300 IN TXT "aught" + nic.cs._dict_.cz. 300 IN TXT "naught" + nic.cs._dict_.cz. 300 IN TXT "nihil" + nic.cs._dict_.cz. 300 IN TXT "nix" + nic.cs._dict_.cz. 300 IN TXT "nothing" + nic.cs._dict_.cz. 300 IN TXT "zilch" + + ;; Query time: 0 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Mon Jan 01 17:45:39 2009 + ;; MSG SIZE rcvd: 143 + +Proof that the unbound still works as resolver. + +``>>>dig A @127.0.0.1 www.nic.cz`` +:: + + ; (1 server found) + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19996 + ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5 + + ;; QUESTION SECTION: + ;www.nic.cz. IN A + + ;; ANSWER SECTION: + www.nic.cz. 1662 IN A 217.31.205.50 + + ;; AUTHORITY SECTION: + ... + +Complete source code +-------------------- + +.. literalinclude:: ../../examples/dict.py + :language: python diff --git a/external/unbound/pythonmod/doc/examples/index.rst b/external/unbound/pythonmod/doc/examples/index.rst new file mode 100644 index 000000000..6c5022581 --- /dev/null +++ b/external/unbound/pythonmod/doc/examples/index.rst @@ -0,0 +1,15 @@ +.. _Tutorials: + +============================== +Tutorials +============================== + +Here you can find several tutorials which clarify the usage and capabilities of Unbound scriptable interface. + +`Tutorials` + +.. toctree:: + :maxdepth: 2 + :glob: + + example* diff --git a/external/unbound/pythonmod/doc/index.rst b/external/unbound/pythonmod/doc/index.rst new file mode 100644 index 000000000..fe9bcf42b --- /dev/null +++ b/external/unbound/pythonmod/doc/index.rst @@ -0,0 +1,34 @@ +Unbound scriptable interface +======================================= + +Python module for **Unbound** provides easy-to-use flexible solution, +for scripting query events and much more! + +Along with extensible **SWIG** interface, it turns **Unbound** into dynamic *DNS* service +designed for rapid development of *DNS* based applications, like detailed *(per query/domain)* statistics, +monitoring with anything Python can offer *(database backend, http server)*. + +**Key features** + * Rapid dynamic DNS-based application development in **Python** + * Extensible interface with **SWIG** + * Easy to use debugging and analysis tool + * Capable to produce authoritative answers + * Support for logging or doing detailed statistics + * Allows to manipulate with content of cache memory + +Contents +-------- +.. toctree:: + :maxdepth: 2 + + install + examples/index + usecase + modules/index + +Indices and tables +------------------- + +* :ref:`genindex` +* :ref:`search` + diff --git a/external/unbound/pythonmod/doc/install.rst b/external/unbound/pythonmod/doc/install.rst new file mode 100644 index 000000000..991e2b4be --- /dev/null +++ b/external/unbound/pythonmod/doc/install.rst @@ -0,0 +1,59 @@ +Installation +=================================== + +**Prerequisites** + +Python 2.4 or higher, SWIG 1.3 or higher, GNU make + +**Download** + +You can download the source codes `here`_. +The latest release is 1.1.1, Jan 15, 2009. + +.. _here: unbound-1.1.1-py.tar.gz + +**Compiling** + +After downloading, you can compile the Unbound library by doing:: + + > tar -xzf unbound-1.1.1-py.tar.gz + > cd unbound-1.1.1 + > ./configure --with-pythonmodule + > make + +You need GNU make to compile sources. +SWIG and Python devel libraries to compile extension module. + +**Testing** + +If the compilation is successful, you can test the extension module by:: + + > cd pythonmod + > make sudo # or "make test" or "make suexec" + +This will start unbound server with language dictionary service (see :ref:`Tutorials`). +In order to test this service, type:: + + > dig TXT @127.0.0.1 aught.en._dict_.cz + +Dig should print this message (czech equivalent of aught):: + + ; <<>> DiG 9.5.0-P2 <<>> TXT @127.0.0.1 aught.en._dict_.cz + ; (1 server found) + ;; global options: printcmd + ;; Got answer: + ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30085 + ;; flags: aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + + ;; QUESTION SECTION: + ;aught.en._dict_.cz. IN TXT + + ;; ANSWER SECTION: + aught.en._dict_.cz. 300 IN TXT "nic" + + ;; Query time: 11 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Thu Jan 10 16:45:58 2009 + ;; MSG SIZE rcvd: 52 + +The ``pythonmod/examples`` directory contains simple applications written in Python. diff --git a/external/unbound/pythonmod/doc/modules/config.rst b/external/unbound/pythonmod/doc/modules/config.rst new file mode 100644 index 000000000..1277bcedd --- /dev/null +++ b/external/unbound/pythonmod/doc/modules/config.rst @@ -0,0 +1,350 @@ +Configuration interface +======================= + +Currently passed to Python module in init(module_id, cfg). + +config_file +-------------------- + +.. class:: config_file + + This class provides these data attributes: + + .. attribute:: verbosity + + Verbosity level as specified in the config file. + + .. attribute:: stat_interval + + Statistics interval (in seconds). + + .. attribute:: stat_cumulative + + If false, statistics values are reset after printing them. + + .. attribute:: stat_extended + + If true, the statistics are kept in greater detail. + + .. attribute:: num_threads + + Number of threads to create. + + .. attribute:: port + + Port on which queries are answered. + + .. attribute:: do_ip4 + + Do ip4 query support. + + .. attribute:: do_ip6 + + Do ip6 query support. + + .. attribute:: do_udp + + Do udp query support. + + .. attribute:: do_tcp + + Do tcp query support. + + .. attribute:: outgoing_num_ports + + Outgoing port range number of ports (per thread). + + .. attribute:: outgoing_num_tcp + + Number of outgoing tcp buffers per (per thread). + + .. attribute:: incoming_num_tcp + + Number of incoming tcp buffers per (per thread). + + .. attribute:: outgoing_avail_ports + + Allowed udp port numbers, array with 0 if not allowed. + + .. attribute:: msg_buffer_size + + Number of bytes buffer size for DNS messages. + + .. attribute:: msg_cache_size + + Size of the message cache. + + .. attribute:: msg_cache_slabs + + Slabs in the message cache. + + .. attribute:: num_queries_per_thread + + Number of queries every thread can service. + + .. attribute:: jostle_time + + Number of msec to wait before items can be jostled out. + + .. attribute:: rrset_cache_size + + Size of the rrset cache. + + .. attribute:: rrset_cache_slabs + + Slabs in the rrset cache. + + .. attribute:: host_ttl + + Host cache ttl in seconds. + + .. attribute:: lame_ttl + + Host is lame for a zone ttl, in seconds. + + .. attribute:: infra_cache_slabs + + Number of slabs in the infra host cache. + + .. attribute:: infra_cache_numhosts + + Max number of hosts in the infra cache. + + .. attribute:: infra_cache_lame_size + + Max size of lame zones per host in the infra cache. + + .. attribute:: target_fetch_policy + + The target fetch policy for the iterator. + + .. attribute:: if_automatic + + Automatic interface for incoming messages. Uses ipv6 remapping, + and recvmsg/sendmsg ancillary data to detect interfaces, boolean. + + .. attribute:: num_ifs + + Number of interfaces to open. If 0 default all interfaces. + + .. attribute:: ifs + + Interface description strings (IP addresses). + + .. attribute:: num_out_ifs + + Number of outgoing interfaces to open. + If 0 default all interfaces. + + .. attribute:: out_ifs + + Outgoing interface description strings (IP addresses). + + .. attribute:: root_hints + + The root hints. + + .. attribute:: stubs + + The stub definitions, linked list. + + .. attribute:: forwards + + The forward zone definitions, linked list. + + .. attribute:: donotqueryaddrs + + List of donotquery addresses, linked list. + + .. attribute:: acls + + List of access control entries, linked list. + + .. attribute:: donotquery_localhost + + Use default localhost donotqueryaddr entries. + + .. attribute:: harden_short_bufsize + + Harden against very small edns buffer sizes. + + .. attribute:: harden_large_queries + + Harden against very large query sizes. + + .. attribute:: harden_glue + + Harden against spoofed glue (out of zone data). + + .. attribute:: harden_dnssec_stripped + + Harden against receiving no DNSSEC data for trust anchor. + + .. attribute:: harden_referral_path + + Harden the referral path, query for NS,A,AAAA and validate. + + .. attribute:: use_caps_bits_for_id + + Use 0x20 bits in query as random ID bits. + + .. attribute:: private_address + + Strip away these private addrs from answers, no DNS Rebinding. + + .. attribute:: private_domain + + Allow domain (and subdomains) to use private address space. + + .. attribute:: unwanted_threshold + + What threshold for unwanted action. + + .. attribute:: chrootdir + + Chrootdir, if not "" or chroot will be done. + + .. attribute:: username + + Username to change to, if not "". + + .. attribute:: directory + + Working directory. + + .. attribute:: logfile + + Filename to log to. + + .. attribute:: pidfile + + Pidfile to write pid to. + + .. attribute:: use_syslog + + Should log messages be sent to syslogd. + + .. attribute:: hide_identity + + Do not report identity (id.server, hostname.bind). + + .. attribute:: hide_version + + Do not report version (version.server, version.bind). + + .. attribute:: identity + + Identity, hostname is returned if "". + + .. attribute:: version + + Version, package version returned if "". + + .. attribute:: module_conf + + The module configuration string. + + .. attribute:: trust_anchor_file_list + + Files with trusted DS and DNSKEYs in zonefile format, list. + + .. attribute:: trust_anchor_list + + List of trustanchor keys, linked list. + + .. attribute:: trusted_keys_file_list + + Files with trusted DNSKEYs in named.conf format, list. + + .. attribute:: dlv_anchor_file + + DLV anchor file. + + .. attribute:: dlv_anchor_list + + DLV anchor inline. + + .. attribute:: max_ttl + + The number of seconds maximal TTL used for RRsets and messages. + + .. attribute:: val_date_override + + If not 0, this value is the validation date for RRSIGs. + + .. attribute:: bogus_ttl + + This value sets the number of seconds before revalidating bogus. + + .. attribute:: val_clean_additional + + Should validator clean additional section for secure msgs. + + .. attribute:: val_permissive_mode + + Should validator allow bogus messages to go through. + + .. attribute:: val_nsec3_key_iterations + + Nsec3 maximum iterations per key size, string. + + .. attribute:: key_cache_size + + Size of the key cache. + + .. attribute:: key_cache_slabs + + Slabs in the key cache. + + .. attribute:: neg_cache_size + + Size of the neg cache. + + + .. attribute:: local_zones + + Local zones config. + + .. attribute:: local_zones_nodefault + + Local zones nodefault list. + + .. attribute:: local_data + + Local data RRs configged. + + .. attribute:: remote_control_enable + + Remote control section. enable toggle. + + .. attribute:: control_ifs + + The interfaces the remote control should listen on. + + .. attribute:: control_port + + Port number for the control port. + + .. attribute:: server_key_file + + Private key file for server. + + .. attribute:: server_cert_file + + Certificate file for server. + + .. attribute:: control_key_file + + Private key file for unbound-control. + + .. attribute:: control_cert_file + + Certificate file for unbound-control. + + .. attribute:: do_daemonize + + Daemonize, i.e. fork into the background. + + .. attribute:: python_script + + Python script file. diff --git a/external/unbound/pythonmod/doc/modules/env.rst b/external/unbound/pythonmod/doc/modules/env.rst new file mode 100644 index 000000000..42dbbd1cf --- /dev/null +++ b/external/unbound/pythonmod/doc/modules/env.rst @@ -0,0 +1,412 @@ +Global environment +================== + +Global variables +---------------- + +.. envvar:: mod_env + + Module environment, contains data pointer for module-specific data. + See :class:`pythonmod_env`. + + +Predefined constants +----------------------- + +Module extended state +~~~~~~~~~~~~~~~~~~~~~~~ + +.. data:: module_state_initial + + Initial state - new DNS query. + +.. data:: module_wait_reply + + Waiting for reply to outgoing network query. + +.. data:: module_wait_module + + Module is waiting for another module. + +.. data:: module_wait_subquery + + Module is waiting for sub-query. + +.. data:: module_error + + Module could not finish the query. + +.. data:: module_finished + + Module is finished with query. + +Module event +~~~~~~~~~~~~~ +.. data:: module_event_new + + New DNS query. + +.. data:: module_event_pass + + Query passed by other module. + +.. data:: module_event_reply + + Reply inbound from server. + +.. data:: module_event_noreply + + No reply, timeout or other error. + +.. data:: module_event_capsfail + + Reply is there, but capitalisation check failed. + +.. data:: module_event_moddone + + Next module is done, and its reply is awaiting you. + +.. data:: module_event_error + + Error occured. + +Security status +~~~~~~~~~~~~~~~~ + +.. data:: sec_status_unchecked + + Means that object has yet to be validated. + +.. data:: sec_status_bogus + + Means that the object *(RRset or message)* failed to validate + *(according to local policy)*, but should have validated. + +.. data:: sec_status_indeterminate + + Means that the object is insecure, but not + authoritatively so. Generally this means that the RRset is not + below a configured trust anchor. + +.. data:: sec_status_insecure + + Means that the object is authoritatively known to be + insecure. Generally this means that this RRset is below a trust + anchor, but also below a verified, insecure delegation. + +.. data:: sec_status_secure + + Means that the object (RRset or message) validated according to local policy. + +Resource records (RR sets) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The different RR classes. + + .. data:: RR_CLASS_IN + + Internet. + + .. data:: RR_CLASS_CH + + Chaos. + + .. data:: RR_CLASS_HS + + Hesiod (Dyer 87) + + .. data:: RR_CLASS_NONE + + None class, dynamic update. + + .. data:: RR_CLASS_ANY + + Any class. + + +The different RR types. + + + .. data:: RR_TYPE_A + + A host address. + + .. data:: RR_TYPE_NS + + An authoritative name server. + + .. data:: RR_TYPE_MD + + A mail destination (Obsolete - use MX). + + .. data:: RR_TYPE_MF + + A mail forwarder (Obsolete - use MX). + + .. data:: RR_TYPE_CNAME + + The canonical name for an alias. + + .. data:: RR_TYPE_SOA + + Marks the start of a zone of authority. + + .. data:: RR_TYPE_MB + + A mailbox domain name (EXPERIMENTAL). + + .. data:: RR_TYPE_MG + + A mail group member (EXPERIMENTAL). + + .. data:: RR_TYPE_MR + + A mail rename domain name (EXPERIMENTAL). + + .. data:: RR_TYPE_NULL + + A null RR (EXPERIMENTAL). + + .. data:: RR_TYPE_WKS + + A well known service description. + + .. data:: RR_TYPE_PTR + + A domain name pointer. + + .. data:: RR_TYPE_HINFO + + Host information. + + .. data:: RR_TYPE_MINFO + + Mailbox or mail list information. + + .. data:: RR_TYPE_MX + + Mail exchange. + + .. data:: RR_TYPE_TXT + + Text strings. + + .. data:: RR_TYPE_RP + + RFC1183. + + .. data:: RR_TYPE_AFSDB + + RFC1183. + + .. data:: RR_TYPE_X25 + + RFC1183. + + .. data:: RR_TYPE_ISDN + + RFC1183. + + .. data:: RR_TYPE_RT + + RFC1183. + + .. data:: RR_TYPE_NSAP + + RFC1706. + + .. data:: RR_TYPE_NSAP_PTR + + RFC1348. + + .. data:: RR_TYPE_SIG + + 2535typecode. + + .. data:: RR_TYPE_KEY + + 2535typecode. + + .. data:: RR_TYPE_PX + + RFC2163. + + .. data:: RR_TYPE_GPOS + + RFC1712. + + .. data:: RR_TYPE_AAAA + + IPv6 address. + + .. data:: RR_TYPE_LOC + + LOC record RFC1876. + + .. data:: RR_TYPE_NXT + + 2535typecode. + + .. data:: RR_TYPE_EID + + draft-ietf-nimrod-dns-01.txt. + + .. data:: RR_TYPE_NIMLOC + + draft-ietf-nimrod-dns-01.txt. + + .. data:: RR_TYPE_SRV + + SRV record RFC2782. + + .. data:: RR_TYPE_ATMA + + http://www.jhsoft.com/rfc/af-saa-0069.000.rtf. + + .. data:: RR_TYPE_NAPTR + + RFC2915. + + .. data:: RR_TYPE_KX + + RFC2230. + + .. data:: RR_TYPE_CERT + + RFC2538. + + .. data:: RR_TYPE_A6 + + RFC2874. + + .. data:: RR_TYPE_DNAME + + RFC2672. + + .. data:: RR_TYPE_SINK + + dnsind-kitchen-sink-02.txt. + + .. data:: RR_TYPE_OPT + + Pseudo OPT record. + + .. data:: RR_TYPE_APL + + RFC3123. + + .. data:: RR_TYPE_DS + + draft-ietf-dnsext-delegation. + + .. data:: RR_TYPE_SSHFP + + SSH Key Fingerprint. + + .. data:: RR_TYPE_IPSECKEY + + draft-richardson-ipseckey-rr-11.txt. + + .. data:: RR_TYPE_RRSIG + + draft-ietf-dnsext-dnssec-25. + + .. data:: RR_TYPE_NSEC + .. data:: RR_TYPE_DNSKEY + .. data:: RR_TYPE_DHCID + .. data:: RR_TYPE_NSEC3 + .. data:: RR_TYPE_NSEC3PARAMS + .. data:: RR_TYPE_UINFO + .. data:: RR_TYPE_UID + .. data:: RR_TYPE_GID + .. data:: RR_TYPE_UNSPEC + .. data:: RR_TYPE_TSIG + .. data:: RR_TYPE_IXFR + .. data:: RR_TYPE_AXFR + .. data:: RR_TYPE_MAILB + + A request for mailbox-related records (MB, MG or MR). + + .. data:: RR_TYPE_MAILA + + A request for mail agent RRs (Obsolete - see MX). + + .. data:: RR_TYPE_ANY + + Any type *(wildcard)*. + + .. data:: RR_TYPE_DLV + + RFC 4431, 5074, DNSSEC Lookaside Validation. + +Return codes +~~~~~~~~~~~~ + +Return codes for packets. + +.. data:: RCODE_NOERROR +.. data:: RCODE_FORMERR +.. data:: RCODE_SERVFAIL +.. data:: RCODE_NXDOMAIN +.. data:: RCODE_NOTIMPL +.. data:: RCODE_REFUSED +.. data:: RCODE_YXDOMAIN +.. data:: RCODE_YXRRSET +.. data:: RCODE_NXRRSET +.. data:: RCODE_NOTAUTH +.. data:: RCODE_NOTZONE + +Packet data +~~~~~~~~~~~~ + +.. data:: PKT_QR + + Query - query flag. + +.. data:: PKT_AA + + Authoritative Answer - server flag. + +.. data:: PKT_TC + + Truncated - server flag. + +.. data:: PKT_RD + + Recursion desired - query flag. + +.. data:: PKT_CD + + Checking disabled - query flag. + +.. data:: PKT_RA + + Recursion available - server flag. + +.. data:: PKT_AD + + Authenticated data - server flag. + + +Verbosity value +~~~~~~~~~~~~~~~~ + +.. data:: NO_VERBOSE + + No verbose messages. + +.. data:: VERB_OPS + + Operational information. + +.. data:: VERB_DETAIL + + Detailed information. + +.. data:: VERB_QUERY + + Query level information. + +.. data:: VERB_ALGO + + Algorithm level information. diff --git a/external/unbound/pythonmod/doc/modules/functions.rst b/external/unbound/pythonmod/doc/modules/functions.rst new file mode 100644 index 000000000..45a469fec --- /dev/null +++ b/external/unbound/pythonmod/doc/modules/functions.rst @@ -0,0 +1,120 @@ +Scriptable functions +==================== + +Network +------- + +.. function:: ntohs(netshort) + + This subroutine converts values between the host and network byte order. + Specifically, **ntohs()** converts 16-bit quantities from network byte order to host byte order. + + :param netshort: 16-bit short addr + :rtype: converted addr + + +Cache +----- + +.. function:: storeQueryInCache(qstate, qinfo, msgrep, is_referral) + + Store pending query in local cache. + + :param qstate: :class:`module_qstate` + :param qinfo: :class:`query_info` + :param msgrep: :class:`reply_info` + :param is_referal: integer + :rtype: boolean + +.. function:: invalidateQueryInCache(qstate, qinfo) + + Invalidate record in local cache. + + :param qstate: :class:`module_qstate` + :param qinfo: :class:`query_info` + + +Logging +------- + +.. function:: verbose(level, msg) + + Log a verbose message, pass the level for this message. + No trailing newline is needed. + + :param level: verbosity level for this message, compared to global verbosity setting. + :param msg: string message + +.. function:: log_info(msg) + + Log informational message. No trailing newline is needed. + + :param msg: string message + +.. function:: log_err(msg) + + Log error message. No trailing newline is needed. + + :param msg: string message + +.. function:: log_warn(msg) + + Log warning message. No trailing newline is needed. + + :param msg: string message + +.. function:: log_hex(msg, data, length) + + Log a hex-string to the log. Can be any length. + performs mallocs to do so, slow. But debug useful. + + :param msg: string desc to accompany the hexdump. + :param data: data to dump in hex format. + :param length: length of data. + +.. function:: log_dns_msg(str, qinfo, reply) + + Log DNS message. + + :param str: string message + :param qinfo: :class:`query_info` + :param reply: :class:`reply_info` + +.. function:: log_query_info(verbosity_value, str, qinf) + + Log query information. + + :param verbosity_value: see constants + :param str: string message + :param qinf: :class:`query_info` + +.. function:: regional_log_stats(r) + + Log regional statistics. + + :param r: :class:`regional` + +Debugging +--------- + +.. function:: strextstate(module_ext_state) + + Debug utility, module external qstate to string. + + :param module_ext_state: the state value. + :rtype: descriptive string. + +.. function:: strmodulevent(module_event) + + Debug utility, module event to string. + + :param module_event: the module event value. + :rtype: descriptive string. + +.. function:: ldns_rr_type2str(atype) + + Convert RR type to string. + +.. function:: ldns_rr_class2str(aclass) + + Convert RR class to string. diff --git a/external/unbound/pythonmod/doc/modules/index.rst b/external/unbound/pythonmod/doc/modules/index.rst new file mode 100644 index 000000000..ff0b95695 --- /dev/null +++ b/external/unbound/pythonmod/doc/modules/index.rst @@ -0,0 +1,11 @@ +Unbound module documentation +======================================= + +.. toctree:: + :maxdepth: 2 + + env + struct + functions + config + diff --git a/external/unbound/pythonmod/doc/modules/struct.rst b/external/unbound/pythonmod/doc/modules/struct.rst new file mode 100644 index 000000000..c41e10b73 --- /dev/null +++ b/external/unbound/pythonmod/doc/modules/struct.rst @@ -0,0 +1,427 @@ +Scriptable structures +===================== + +module_qstate +----------------------- + +.. class:: module_qstate + + Module state, per query. + + This class provides these data attributes: + + .. attribute:: qinfo + + (:class:`query_info`) Informations about query being answered. Name, RR type, RR class. + + .. attribute:: query_flags + + (uint16) Flags for query. See QF_BIT\_ predefined constants. + + .. attribute:: is_priming + + If this is a (stub or root) priming query (with hints). + + .. attribute:: reply + + comm_reply contains server replies. + + .. attribute:: return_msg + + (:class:`dns_msg`) The reply message, with message for client and calling module (read-only attribute). + Note that if you want to create of modify return_msg you should use :class:`DNSMessage`. + + .. attribute:: return_rcode + + The rcode, in case of error, instead of a reply message. Determines whether the return_msg contains reply. + + .. attribute:: region + + Region for this query. Cleared when query process finishes. + + .. attribute:: curmod + + Which module is executing. + + .. attribute:: ext_state[] + + Module states. + + .. attribute:: env + + Environment for this query. + + .. attribute:: mesh_info + + Mesh related information for this query. + + +query_info +---------------- + +.. class:: query_info + + This class provides these data attributes: + + .. attribute:: qname + + The original question in the wireformat format (e.g. \\x03www\\x03nic\\x02cz\\x00 for www.nic.cz) + + .. attribute:: qname_len + + Lenght of question name (number of bytes). + + .. attribute:: qname_list[] + + The question ``qname`` converted into list of labels (e.g. ['www','nic','cz',''] for www.nic.cz) + + .. attribute:: qname_str + + The question ``qname`` converted into string (e.g. www.nic.cz. for www.nic.cz) + + .. attribute:: qtype + + The class type asked for. See RR_TYPE\_ predefined constants. + + .. attribute:: qtype_str + + The ``qtype`` in display presentation format (string) (e.g 'A' for RR_TYPE_A) + + .. attribute:: qclass + + The question class. See RR_CLASS\_ predefined constants. + + .. attribute:: qclass_str + + The ``qclass`` in display presentation format (string). + +reply_info +-------------------- + +.. class:: reply_info + + This class provides these data attributes: + + .. attribute:: flags + + The flags for the answer, host byte order. + + .. attribute:: qdcount + + Number of RRs in the query section. + If qdcount is not 0, then it is 1, and the data that appears + in the reply is the same as the query_info. + Host byte order. + + .. attribute:: ttl + + TTL of the entire reply (for negative caching). + only for use when there are 0 RRsets in this message. + if there are RRsets, check those instead. + + .. attribute:: security + + The security status from DNSSEC validation of this message. See sec_status\_ predefined constants. + + .. attribute:: an_numrrsets + + Number of RRsets in each section. + The answer section. Add up the RRs in every RRset to calculate + the number of RRs, and the count for the dns packet. + The number of RRs in RRsets can change due to RRset updates. + + .. attribute:: ns_numrrsets + + Count of authority section RRsets + + .. attribute:: ar_numrrsets + + Count of additional section RRsets + + .. attribute:: rrset_count + + Number of RRsets: an_numrrsets + ns_numrrsets + ar_numrrsets + + .. attribute:: rrsets[] + + (:class:`ub_packed_rrset_key`) List of RR sets in the order in which they appear in the reply message. + Number of elements is ancount + nscount + arcount RRsets. + + .. attribute:: ref[] + + (:class:`rrset_ref`) Packed array of ids (see counts) and pointers to packed_rrset_key. + The number equals ancount + nscount + arcount RRsets. + These are sorted in ascending pointer, the locking order. So + this list can be locked (and id, ttl checked), to see if + all the data is available and recent enough. + + +dns_msg +-------------- + +.. class:: dns_msg + + Region allocated message reply + + This class provides these data attributes: + + .. attribute:: qinfo + + (:class:`query_info`) Informations about query. + + .. attribute:: rep + + (:class:`reply_info`) This attribute points to the packed reply structure. + + +packed_rrset_key +---------------------- + +.. class:: packed_rrset_key + + The identifying information for an RRset. + + This class provides these data attributes: + + .. attribute:: dname + + The domain name. If not empty (for ``id = None``) it is allocated, and + contains the wireformat domain name. This dname is not canonicalized. + E.g., the dname contains \\x03www\\x03nic\\x02cz\\x00 for www.nic.cz. + + .. attribute:: dname_len + + Length of the domain name, including last 0 root octet. + + .. attribute:: dname_list[] + + The domain name ``dname`` converted into list of labels (see :attr:`query_info.qname_list`). + + .. attribute:: dname_str + + The domain name ``dname`` converted into string (see :attr:`query_info.qname_str`). + + .. attribute:: flags + + Flags. + + .. attribute:: type + + The rrset type in network format. + + .. attribute:: type_str + + The rrset type in display presentation format. + + .. attribute:: rrset_class + + The rrset class in network format. + + .. attribute:: rrset_class_str + + The rrset class in display presentation format. + +ub_packed_rrset_key +------------------------- + +.. class:: ub_packed_rrset_key + + This structure contains an RRset. A set of resource records that + share the same domain name, type and class. + Due to memory management and threading, the key structure cannot be + deleted, although the data can be. The id can be set to 0 to store and the + structure can be recycled with a new id. + + The :class:`ub_packed_rrset_key` provides these data attributes: + + .. attribute:: entry + + (:class:`lruhash_entry`) Entry into hashtable. Note the lock is never destroyed, + even when this key is retired to the cache. + the data pointer (if not None) points to a :class:`packed_rrset`. + + .. attribute:: id + + The ID of this rrset. unique, based on threadid + sequenceno. + ids are not reused, except after flushing the cache. + zero is an unused entry, and never a valid id. + Check this value after getting entry.lock. + The other values in this struct may only be altered after changing + the id (which needs a writelock on entry.lock). + + .. attribute:: rk + + (:class:`packed_rrset_key`) RR set data. + + +lruhash_entry +------------------------- + +.. class:: lruhash_entry + + The :class:`ub_packed_rrset_key` provides these data attributes: + + .. attribute:: lock + + rwlock for access to the contents of the entry. Note that you cannot change hash and key, if so, you have to delete it to change hash or key. + + .. attribute:: data + + (:class:`packed_rrset_data`) entry data stored in wireformat (RRs and RRsigs). + +packed_rrset_data +----------------------- + +.. class:: packed_rrset_data + + Rdata is stored in wireformat. The dname is stored in wireformat. + + TTLs are stored as absolute values (and could be expired). + + RRSIGs are stored in the arrays after the regular rrs. + + You need the packed_rrset_key to know dname, type, class of the + resource records in this RRset. (if signed the rrsig gives the type too). + + The :class:`packed_rrset_data` provides these data attributes: + + .. attribute:: ttl + + TTL (in seconds like time()) of the RRset. + Same for all RRs see rfc2181(5.2). + + .. attribute:: count + + Number of RRs. + + .. attribute:: rrsig_count + + Number of rrsigs, if 0 no rrsigs. + + .. attribute:: trust + + The trustworthiness of the RRset data. + + .. attribute:: security + + Security status of the RRset data. See sec_status\_ predefined constants. + + .. attribute:: rr_len[] + + Length of every RR's rdata, rr_len[i] is size of rr_data[i]. + + .. attribute:: rr_ttl[] + + TTL of every rr. rr_ttl[i] ttl of rr i. + + .. attribute:: rr_data[] + + Array of RR's rdata (list of strings). The rdata is stored in uncompressed wireformat. + The first 16B of rr_data[i] is rdlength in network format. + + +DNSMessage +---------------- + +.. class:: DNSMessage + + Abstract representation of DNS message. + + **Usage** + + This example shows how to create an authoritative answer response + + :: + + msg = DNSMessage(qstate.qinfo.qname_str, RR_TYPE_A, RR_CLASS_IN, PKT_AA) + + #append RR + if (qstate.qinfo.qtype == RR_TYPE_A) or (qstate.qinfo.qtype == RR_TYPE_ANY): + msg.answer.append("%s 10 IN A 127.0.0.1" % qstate.qinfo.qname_str) + + #set qstate.return_msg + if not msg.set_return_msg(qstate): + raise Exception("Can't create response") + + The :class:`DNSMessage` provides these methods and data attributes: + + .. method:: __init__(self, rr_name, rr_type, rr_class = RR_CLASS_IN, query_flags = 0, default_ttl = 0) + + Prepares an answer (DNS packet) from qiven information. Query flags are combination of PKT_xx contants. + + .. method:: set_return_msg(self, qstate) + + This method fills qstate return message according to the given informations. + It takes lists of RRs in each section of answer, created necessray RRsets in wire format and store the result in :attr:`qstate.return_msg`. + Returns 1 if OK. + + .. attribute:: rr_name + + RR name of question. + + .. attribute:: rr_type + + RR type of question. + + .. attribute:: rr_class + + RR class of question. + + .. attribute:: default_ttl + + Default time-to-live. + + .. attribute:: query_flags + + Query flags. See PKT\_ predefined constants. + + .. attribute:: question[] + + List of resource records that should appear (in the same order) in question section of answer. + + .. attribute:: answer[] + + List of resource records that should appear (in the same order) in answer section of answer. + + .. attribute:: authority[] + + List of resource records that should appear (in the same order) in authority section of answer. + + .. attribute:: additional[] + + List of resource records that should appear (in the same order) in additional section of answer. + +pythonmod_env +----------------------- + +.. class:: pythonmod_env + + Global state for the module. + + This class provides these data attributes: + + .. attribute:: data + + Here you can keep your own data shared across each thread. + + .. attribute:: fname + + Python script filename. + + .. attribute:: qstate + + Module query state. + +pythonmod_qstate +----------------------- + +.. class:: pythonmod_qstate + + Per query state for the iterator module. + + This class provides these data attributes: + + .. attribute:: data + + Here you can keep your own private data (each thread has own data object). + diff --git a/external/unbound/pythonmod/doc/usecase.rst b/external/unbound/pythonmod/doc/usecase.rst new file mode 100644 index 000000000..7a77349f1 --- /dev/null +++ b/external/unbound/pythonmod/doc/usecase.rst @@ -0,0 +1,38 @@ +Use cases (examples) +==================== + +Dynamic DNS Service discovery (DNS-SD_) +------------------------------------------- +Synchronized with database engine, for example *MySQL*. + +.. _DNS-SD: http://www.dns-sd.org/ + +Firewall control +---------------- +Control firewall (e.g. enable incomming SSH connection) with DNS query signed with private key. +So firewall can blocks every service during normal operation. + +Scriptable DNS-based blacklist (DNS-BL_) +------------------------------------------- +Scripted in Python with already provided features, takes advantage of DNS reply, because +almost every mail server supports DNS based blacklisting. + +.. _DNS-BL: http://www.dnsbl.org + +DNS based Wake-On-Lan +--------------------- +Controled by secured queries secured with private key. + +Dynamic translation service +--------------------------- +DNS request can be translated to virtualy any answer, that's easy to implement in client side +because of many DNS libraries available. + +Examples : + * **Dictionary** - using *IDN* for non-ascii strings transfer, ``dig TXT slovo.en._dict_.nic.cz`` returns translation of "slovo" to EN. + * **Translation** - Extends *DNS-SD*, for example DNS to Jabber to find out people logged in. + * **Exchange rate calculator** - ``dig TXT 1000.99.czk.eur._rates_.nic.cz`` returns the given sum (1000.99 CZK) in EURs. + +Dynamic ENUM service +-------------------- +Support for redirection, synchronization, etc. |