iploc: Parse dnshistory DB records properly.

Based on dnshistory source: dnshistory-1.3/src/dnshistory.c:store_dns_records().

Change-Id: Ia78293bcc3b9e1488890e999798e6faf6438518b

1 files changed, 19 insertions, 12 deletions

diff --git a/iploc.py b/iploc.py
index 346c5ac..4c68f4f 100644
--- a/iploc.py
+++ b/iploc.py
@@ -28,23 +28,30 @@ temp_user = ""
 
 
 def get_reverse_dns(ip_address):
-    # XXX: this works only with IPv4 addresses.
+    # XXX: this works only with IPv4 addresses (because dnshistory works only with IPv4)
     octets = str(ip_address).split('.')
     # The keys in the the reverse DNS db are stored as a char encoded string
     # made from the single octet of the IP address.
     key = ''.join(chr(int(x)) for x in octets)
     value = REVERSE_DNS_DB.get(key)
-    if value:
-        if len(value[20:]) > 1:
-            # The value obtained ends with a \x00 char: need to unpack it
-            # and retrieve only the reverse value. Just replacing it with an
-            # empty string might not work if the string is encoded.
-            value, _ = struct.unpack(
-                '{0}sc'.format(len(value[20:]) - 1), value[20:])
-        else:
-            # Value found, but no reverse DNS name in the DB.
-            value = None
-    return value
+    struct_sz = struct.calcsize("li")
+    assert len(value) > struct_sz
+    last_date, num_rec = struct.unpack("li", value[:struct_sz])
+    value = value[struct_sz:]
+
+    assert num_rec > 0
+    for i in xrange(num_rec):
+        # struct module doesn't support variable-length fields,
+        # so we need to do manual munging
+        date = struct.unpack_from("l", value)
+        value = value[struct.calcsize("l"):]
+        i = value.index("\0")
+        fqdn = value[:i]
+        value = value[i:]
+
+    # Return last fqdn, which is the latest
+    # XXX: really should do time-based lookups for best precision
+    return fqdn
 
 
 def main(file_names):