Response modification

This example shows how to modify the response produced by the iterator module.

As soon as the iterator module returns the response, we :

  1. invalidate the data in cache
  2. modify the response TTL
  3. rewrite the data in cache
  4. return modified packet

Note that the steps 1 and 3 are necessary only in case, the python module is the first module in the processing chain. In other cases, the validator module guarantees updating data which are produced by iterator module.

Complete source code

'''
 resmod.py: This example shows how to modify the response from iterator 

 Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz)
                     Marek Vavrusa  (xvavru00 AT stud.fit.vutbr.cz)

 This software is open source.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 
    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
 
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
 
    * Neither the name of the organization nor the names of its
      contributors may be used to endorse or promote products derived from this
      software without specific prior written permission.

 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
'''

def init(id, cfg): return True

def deinit(id): return True

def inform_super(id, qstate, superqstate, qdata): return True

def setTTL(qstate, ttl):
    """Updates return_msg TTL and the TTL of all the RRs"""
    if qstate.return_msg:
        qstate.return_msg.rep.ttl = ttl
        if (qstate.return_msg.rep):
            for i in range(0,qstate.return_msg.rep.rrset_count):
                d = qstate.return_msg.rep.rrsets[i].entry.data
                for j in range(0,d.count+d.rrsig_count):
                    d.rr_ttl[j] = ttl

def operate(id, event, qstate, qdata):
    if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS):
        #pass the query to validator
        qstate.ext_state[id] = MODULE_WAIT_MODULE 
        return True

    if event == MODULE_EVENT_MODDONE:
        log_info("pythonmod: iterator module done")

        if not qstate.return_msg:
            qstate.ext_state[id] = MODULE_FINISHED 
            return True

        #modify the response

        qdn = qstate.qinfo.qname_str
        if qdn.endswith(".nic.cz."):
            #invalidate response in cache added by iterator
            #invalidateQueryInCache(qstate, qstate.return_msg.qinfo)

            #modify TTL to 10 secs and store response in cache
            #setTTL(qstate, 5)
            #if not storeQueryInCache(qstate, qstate.return_msg.qinfo, qstate.return_msg.rep, 0):
            #    qstate.ext_state[id] = MODULE_ERROR
            #    return False

            #modify TTL of response, which will be send to a) validator and then b) client
            setTTL(qstate, 10)
            qstate.return_rcode = RCODE_NOERROR

        qstate.ext_state[id] = MODULE_FINISHED 
        return True
      
    log_err("pythonmod: bad event")
    qstate.ext_state[id] = MODULE_ERROR
    return True

Testing

Run Unbound server:

root@localhost>unbound -dv -c ./test-resmod.conf

Issue a query for name ending with “nic.cz.”

>>>dig A @127.0.0.1 www.nic.cz

;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48831
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5

;; QUESTION SECTION:
;www.nic.cz.                    IN      A

;; ANSWER SECTION:
www.nic.cz.             10      IN      A       217.31.205.50

;; AUTHORITY SECTION:
nic.cz.                 10      IN      NS      e.ns.nic.cz.
nic.cz.                 10      IN      NS      a.ns.nic.cz.
nic.cz.                 10      IN      NS      c.ns.nic.cz.

;; ADDITIONAL SECTION:
a.ns.nic.cz.            10      IN      A       217.31.205.180
a.ns.nic.cz.            10      IN      AAAA    2001:1488:dada:176::180
c.ns.nic.cz.            10      IN      A       195.66.241.202
c.ns.nic.cz.            10      IN      AAAA    2a01:40:1000::2
e.ns.nic.cz.            10      IN      A       194.146.105.38

;; Query time: 166 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 02 13:39:43 2009
;; MSG SIZE  rcvd: 199

As you can see, TTL of all the records is set to 10.