Dear Ludo’, On Mon, Jun 19, 2017 at 04:49:43PM +0200, Ludovic Courtès wrote: > >> I think it would be easier to just use ‘substitute*’ to replace all the > >> occurrences of “tcp”, etc., wouldn’t it? > > alas many occurences of "tcp", "udp", etc. are hidden in > > encrypted/hashed records, so simple plain text substitutions would > > break the signatures. > > Yes, I can imagine. But maybe (maybe not!), by selecting the right set > of files to modify, and by adjusting the regexp (let’s say “\<tcp\>” or > “"tcp"”) to match only what matters, it could work. here is a sample record pair:
wks02.types-signed.wb.sidnlabs.nl. 60 IN WKS 10.0.0.1 udp 0 1 2 domain wks02.types-signed.wb.sidnlabs.nl. 60 IN RRSIG WKS 8 5 60 20140201000000 20130930114324 62298 types-signed.wb.sidnlabs.nl. P+p1gcQbO4I/sBQUZktrz4Q1osWIFIFGlK8o+SzIXMjxmdNy36vjwW6Sfy97CycbLRFIQ2grPv/cPaXtoMb+usHCoDtl5sSvLTJFmg9hpQ+xm12GvunZvAYAGx9fZic+QvLahSg+cjqX1M0oR9B68gcx+duMdLzawlUcIqX8gmA= So changing the first line requires to recreating the signature record in the second line which I find much more difficult then the LD_PRELOAD. > If that’s really not workable, then the LD_PRELOAD approach is fine. > Since it’s small I think it’s OK as inline code. Thanks, I just submitted a revised patch including your remarks and some additional comments as explanation. Best, Gregor
