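#!/usr/bin/env python
# 1657, Fri 16 Jan 15 (NZDT)
#
# p10_pldns_count_dnssec.py: Count DNSSEC responses
#
# Walks a packet trace and counts the UDP DNS responses whose Authority
# section carries at least one DNSSEC resource record, then prints that
# count as a share of all packets read.
#
# Scope caveats for anyone using the number as a measurement:
#   * Only the Authority section is inspected; DNSSEC RRs that appear
#     solely in the Answer or Additional sections are not counted.
#   * Every UDP payload is handed to the DNS parser; there is no port
#     filter, so the trace is presumably DNS-only -- confirm for other
#     capture files.
#   * The percentage is relative to ALL packets read (including non-IP,
#     fragments and queries), not relative to DNS responses.

import plt
import pldns

fn = "pcapfile:1kp-dns-anon.pcap.gz"  # Data file name

# RR type codes: DS, RRSIG, NSEC, DNSKEY, NSEC3, NSEC3PARAM
dnssec_rrs = frozenset((43, 46, 47, 48, 50, 51))

dnssec_responses = 0
n = 0

t = plt.trace(fn)
t.start()
try:
    for pkt in t:
        n += 1  # Wireshark uses 1-origin packet numbers

        ip = pkt.ip
        if not ip:
            continue  # Not IP
        if ip.frag_offset != 0:
            continue  # Non-first fragment: no UDP header to look at

        udp = pkt.udp
        if not udp:
            continue  # Not UDP

        payload = udp.payload
        if not payload:
            continue  # Empty or missing payload cannot be a DNS message

        # NOTE(review): the payload is untrusted capture data and the parse
        # result is used without checking whether decoding succeeded; a
        # malformed message may yield misleading field values. Confirm how
        # pldns reports parse failures and skip such packets here.
        ldns_obj = pldns.ldns(payload)

        if not ldns_obj.is_response:  # Only look at Responses
            continue

        # Opcode 0 is a standard QUERY. The original comment on this test
        # read "Not NOERROR", but NOERROR is a response code (RCODE), not an
        # opcode; as written, error responses such as SERVFAIL still pass.
        # NOTE(review): if successful responses only were intended, the
        # header's RCODE field is the one to compare -- confirm intent.
        if ldns_obj.opcode != 0:
            continue

        au_rr_list = ldns_obj.auth_rr_list
        if not au_rr_list:
            continue

        # Count the packet once if any Authority RR is a DNSSEC type.
        if any(rr.type in dnssec_rrs for rr in au_rr_list):
            dnssec_responses += 1
finally:
    # Release the trace even if a packet raises during decoding.
    t.close()

# An empty trace would otherwise divide by zero.
percent = dnssec_responses * 100.0 / n if n else 0.0
print("%d packets read, %d DNSSEC packets (%.2f %%)" % (
    n, dnssec_responses, percent))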