authorHadriel Kaplan <hadrielk@yahoo.com>2015-07-25 09:24:48 -0400
committerHadriel Kaplan <hadrielk@yahoo.com>2015-07-25 17:05:01 +0000
commit190e313e9d949a837a0b3c3fe027647b35c2f8be (patch)
tree62c25c82c240d5aff4ef24b582c40c08d937e3d9
parent3fc4a831e035604b0af14ed8a5c9f6596a3448d0 (diff)
DNS: move DNS name resolution pref to Name Resolution prefs
Move the boolean flag for using captured DNS packet info for name resolution to the Name Resolution preferences settings, as it was rather surprising to disable Name Resolution preferences and still have names being resolved. Also disable them all if the '-n' command line switch is used, and re-enable it for a 'd' character in the '-N' option. Bug: 10337 Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917 Reviewed-on: https://code.wireshark.org/review/9786 Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
-rw-r--r--debian/libwireshark0.symbols1
-rw-r--r--doc/rawshark.pod2
-rw-r--r--doc/tshark.pod2
-rw-r--r--doc/wireshark.pod.template2
-rw-r--r--docbook/wsug_src/WSUG_app_tools.asciidoc4
-rw-r--r--docbook/wsug_src/WSUG_chapter_customize.asciidoc5
-rw-r--r--epan/addr_resolv.c25
-rw-r--r--epan/addr_resolv.h21
-rw-r--r--epan/dissectors/packet-dns.c16
-rw-r--r--epan/prefs.c13
-rw-r--r--rawshark.c9
-rw-r--r--tshark.c8
-rw-r--r--ui/gtk/main.c19
-rw-r--r--wireshark-qt.cpp9
14 files changed, 84 insertions, 52 deletions
diff --git a/debian/libwireshark0.symbols b/debian/libwireshark0.symbols
index bf4b853c7a..65a0288eca 100644
--- a/debian/libwireshark0.symbols
+++ b/debian/libwireshark0.symbols
@@ -242,6 +242,7 @@ libwireshark.so.0 libwireshark0 #MINVER#
dfilter_macro_build_ftv_cache@Base 1.9.1
dfilter_macro_foreach@Base 1.9.1
dfilter_macro_get_uat@Base 1.9.1
+ disable_name_resolution@Base 1.99.9
display_epoch_time@Base 1.9.1
display_signed_time@Base 1.9.1
dissect_IDispatch_GetIDsOfNames_resp@Base 1.9.1
diff --git a/doc/rawshark.pod b/doc/rawshark.pod
index 66be74f9c6..be8f680c17 100644
--- a/doc/rawshark.pod
+++ b/doc/rawshark.pod
@@ -172,6 +172,8 @@ B<t> to enable transport-layer port number resolution
B<C> to enable concurrent (asynchronous) DNS lookups
+B<d> to enable resolution from captured DNS packets
+
=item -o E<lt>preferenceE<gt>:E<lt>valueE<gt>
Set a preference value, overriding the default value and any value read
diff --git a/doc/tshark.pod b/doc/tshark.pod
index 3b32d73b7e..0467dc1c0f 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -571,6 +571,8 @@ The argument is a string that may contain the letters:
B<C> to enable concurrent (asynchronous) DNS lookups
+B<d> to enable resolution from captured DNS packets
+
B<m> to enable MAC address resolution
B<n> to enable network address resolution
diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template
index 347f4ea9ac..5deb1aca5b 100644
--- a/doc/wireshark.pod.template
+++ b/doc/wireshark.pod.template
@@ -470,6 +470,8 @@ B<t> to enable transport-layer port number resolution
B<C> to enable concurrent (asynchronous) DNS lookups
+B<d> to enable resolution from captured DNS packets
+
=item -o E<lt>preference/recent settingE<gt>
Set a preference or recent value, overriding the default value and any value
diff --git a/docbook/wsug_src/WSUG_app_tools.asciidoc b/docbook/wsug_src/WSUG_app_tools.asciidoc
index 1a5c3098cd..ad5c02ecae 100644
--- a/docbook/wsug_src/WSUG_app_tools.asciidoc
+++ b/docbook/wsug_src/WSUG_app_tools.asciidoc
@@ -67,7 +67,7 @@ Processing:
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
- -N <name resolve flags> enable specific name resolution(s): "mntC"
+ -N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
@@ -330,7 +330,7 @@ Processing:
packet encapsulation or protocol
-F <field> field to display
-n disable all name resolution (def: all enabled)
- -N <name resolve flags> enable specific name resolution(s): "mntC"
+ -N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-p use the system's packet header format
(which may have 64-bit timestamps)
-R <read filter> packet filter in Wireshark display filter syntax
diff --git a/docbook/wsug_src/WSUG_chapter_customize.asciidoc b/docbook/wsug_src/WSUG_chapter_customize.asciidoc
index f33b54430d..219547770d 100644
--- a/docbook/wsug_src/WSUG_chapter_customize.asciidoc
+++ b/docbook/wsug_src/WSUG_chapter_customize.asciidoc
@@ -77,7 +77,7 @@ Input file:
Processing:
-R <read filter> packet filter in Wireshark display filter syntax
-n disable all name resolutions (def: all enabled)
- -N <name resolve flags> enable specific name resolution(s): "mntC"
+ -N <name resolve flags> enable specific name resolution(s): "mnNtCd"
--disable-protocol <proto_name> disable dissection of proto_name
Repeat option for each protocol
--enable-heuristic <short_name> enable dissection of heuristic protocol
@@ -289,7 +289,8 @@ Turns on name resolving for particular types of addresses and port numbers. The
argument is a string that may contain the letters `m` to enable MAC address
resolution, `n` to enable network address resolution, and `t` to enable
transport-layer port number resolution. This overrides `-n` if both `-N` and
-`-n` are present. The letter C enables concurrent (asynchronous) DNS lookups.
+`-n` are present. The letter `C` enables concurrent (asynchronous) DNS lookups.
+The letter `d` enables resolution from captured DNS packets.
-o <preference or recent settings>::
diff --git a/epan/addr_resolv.c b/epan/addr_resolv.c
index 76b9c7e078..ee0f1aa9ab 100644
--- a/epan/addr_resolv.c
+++ b/epan/addr_resolv.c
@@ -299,7 +299,15 @@ ipv6_equal(gconstpointer v1, gconstpointer v2)
/*
* Flag controlling what names to resolve.
*/
-e_addr_resolve gbl_resolv_flags = {TRUE, FALSE, FALSE, TRUE, TRUE, FALSE};
+e_addr_resolve gbl_resolv_flags = {
+ TRUE, /* mac_name */
+ FALSE, /* network_name */
+ FALSE, /* transport_name */
+ TRUE, /* concurrent_dns */
+ TRUE, /* dns_pkt_addr_resolution */
+ TRUE, /* use_external_net_name_resolver */
+ FALSE /* load_hosts_file_from_profile_only */
+};
#if defined(HAVE_C_ARES) || defined(HAVE_GNU_ADNS)
static guint name_resolve_concurrency = 500;
#endif
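Review bot: The initializer of `gbl_resolv_flags` is still positional, so its meaning depends on the member order of `e_addr_resolve`, and this commit inserts `dns_pkt_addr_resolution` in the middle of that struct. The trailing comments record the order but the compiler does not check them, and any other positional initializer of this type outside the diff would shift silently. If the supported compilers accept designated initializers in C, I would write `.dns_pkt_addr_resolution = TRUE,` and likewise for each member. The same applies to `resolv_flags` in `resolve_name_cb` in ui/gtk/main.c.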
@@ -2414,6 +2422,11 @@ addr_resolve_pref_init(module_t *nameres)
" capture file name resolution blocks and DNS packets in the capture.",
&gbl_resolv_flags.network_name);
+ prefs_register_bool_preference(nameres, "dns_pkt_addr_resolution",
+ "Use captured DNS packet data for address resolution",
+ "Whether address/name pairs found in captured DNS packets should be used by Wireshark for name resolution.",
+ &gbl_resolv_flags.dns_pkt_addr_resolution);
+
prefs_register_bool_preference(nameres, "use_external_name_resolver",
"Use an external network name resolver",
"Use your system's configured name resolver"
@@ -2453,6 +2466,16 @@ addr_resolve_pref_init(module_t *nameres)
}
+void
+disable_name_resolution(void) {
+ gbl_resolv_flags.mac_name = FALSE;
+ gbl_resolv_flags.network_name = FALSE;
+ gbl_resolv_flags.transport_name = FALSE;
+ gbl_resolv_flags.concurrent_dns = FALSE;
+ gbl_resolv_flags.dns_pkt_addr_resolution = FALSE;
+ gbl_resolv_flags.use_external_net_name_resolver = FALSE;
+}
+
#ifdef HAVE_C_ARES
gboolean
host_name_lookup_process(void) {
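Review bot: `disable_name_resolution()` also clears `use_external_net_name_resolver` and `dns_pkt_addr_resolution`, which the inline code it replaces at the `-n` call sites never touched. A command line that combines `-n` with `-N` therefore leaves both off unless the flag string contains `N` and `d`. That is the more conservative result when reading untrusted captures, but it changes existing invocations and nothing in the definition says so. I would add a comment inside the function such as `/* also clears the external-resolver and DNS-packet flags; -N must name 'N' and 'd' to restore them */`.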
diff --git a/epan/addr_resolv.h b/epan/addr_resolv.h
index 25bd0156d1..c60e2c5180 100644
--- a/epan/addr_resolv.h
+++ b/epan/addr_resolv.h
@@ -47,13 +47,17 @@ extern "C" {
#define MAXNAMELEN 64 /* max name length (hostname and port name) */
#endif
+/**
+ * @brief Flags to control name resolution.
+ */
typedef struct _e_addr_resolve {
- gboolean mac_name;
- gboolean network_name;
- gboolean transport_name;
- gboolean concurrent_dns;
- gboolean use_external_net_name_resolver;
- gboolean load_hosts_file_from_profile_only;
+ gboolean mac_name; /**< Whether to resolve Ethernet MAC to manufacturer names */
+ gboolean network_name; /**< Whether to resolve IPv4, IPv6, and IPX addresses into host names */
+ gboolean transport_name; /**< Whether to resolve TCP/UDP ports into service names */
+ gboolean concurrent_dns; /**< Whether to use concurrent DNS name resolution */
+ gboolean dns_pkt_addr_resolution; /**< Whether to resolve addresses using captured DNS packets */
+ gboolean use_external_net_name_resolver; /**< Whether to system's configured DNS server to resolve names */
+ gboolean load_hosts_file_from_profile_only; /**< Whether to only load the hosts in the current profile, not hosts files */
} e_addr_resolve;
struct hashether;
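Review bot: The doc comment on `use_external_net_name_resolver` is missing a verb ("Whether to system's configured DNS server"). It should read `/**< Whether to use the system's configured DNS server to resolve names */`. The comment on `dns_pkt_addr_resolution` could also state where the names come from, for example `/**< Whether address/name pairs found in captured DNS packets are used for name resolution */`, since that data is supplied by the capture and not by a resolver the user configured.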
@@ -138,6 +142,11 @@ WS_DLL_PUBLIC gchar *sctp_port_to_display(wmem_allocator_t *allocator, guint por
struct pref_module;
extern void addr_resolve_pref_init(struct pref_module *nameres);
+/*
+ * disable_name_resolution() sets all relevant gbl_resolv_flags to FALSE.
+ */
+WS_DLL_PUBLIC void disable_name_resolution(void);
+
/** If we're using c-ares or ADNS, process outstanding host name lookups.
* This is called from a GLIB timeout in Wireshark and before processing
* each packet in TShark.
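Review bot: The comment on `disable_name_resolution()` says "all relevant" flags without naming which ones, and it is a plain `/*` comment while the declaration right after it uses `/**`. Going by the definition in epan/addr_resolv.c, every member except `load_hosts_file_from_profile_only` is cleared. I would write `/** Sets every name-resolution flag in gbl_resolv_flags to FALSE; load_hosts_file_from_profile_only is not changed. */` so callers can see what is left alone.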
diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c
index 2964961ece..96eb76fffc 100644
--- a/epan/dissectors/packet-dns.c
+++ b/epan/dissectors/packet-dns.c
@@ -420,9 +420,6 @@ static range_t *global_dns_udp_port_range;
/* desegmentation of DNS over TCP */
static gboolean dns_desegment = TRUE;
-/* whether or not to use DNS data we see in packets to resolve addresses */
-static gboolean dns_use_for_addr_resolution = TRUE;
-
/* Dissector handle for GSSAPI */
static dissector_handle_t gssapi_handle;
static dissector_handle_t ntlmssp_handle;
@@ -1814,7 +1811,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
proto_item_append_text(trr, ", addr %s", addr);
proto_tree_add_item(rr_tree, hf_dns_a, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
- if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) {
+ if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) {
guint32 addr_int;
tvb_memcpy(tvb, &addr_int, cur_offset, sizeof(addr_int));
add_ipv4_name(addr_int, name);
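Review bot: The test on `gbl_resolv_flags.dns_pkt_addr_resolution` is the only gate between record data in the capture and the names shown for addresses, and the flag defaults to TRUE in epan/addr_resolv.c. Both `name` and the address are read from the packet, so a capture holding forged or unrelated answers can relabel hosts in the analyst's view. A short comment would make that explicit, e.g. `/* name and address come from the capture and are not verified */`. The same condition guards the AAAA case in the next hunk. `dissect_dns_answer` starts and ends outside both hunks, so whether answers are matched to queries before this point cannot be seen here.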
@@ -2425,7 +2422,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
proto_tree_add_item(rr_tree, hf_dns_aaaa, tvb, cur_offset, 16, ENC_NA);
- if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) {
+ if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) {
struct e_in6_addr addr_in6;
tvb_memcpy(tvb, &addr_in6, cur_offset, sizeof(addr_in6));
add_ipv6_name(&addr_in6, name);
@@ -5616,10 +5613,11 @@ proto_register_dns(void)
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&dns_desegment);
- prefs_register_bool_preference(dns_module, "use_for_addr_resolution",
- "Use DNS packet data for address resolution",
- "Whether address/name pairs found in dissected DNS packets should be used by Wireshark for name resolution.",
- &dns_use_for_addr_resolution);
+ prefs_register_obsolete_preference(dns_module, "use_for_addr_resolution");
+
+ prefs_register_static_text_preference(dns_module, "text_use_for_addr_resolution",
+ "DNS address resolution settings can be changed in the Name Resolution preferences",
+ "DNS address resolution settings can be changed in the Name Resolution preferences");
dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC Dissectors", FT_STRING, BASE_NONE);
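Review bot: Registering `use_for_addr_resolution` as obsolete drops any saved value instead of carrying it over. A profile that had set it to FALSE falls back to the new `dns_pkt_addr_resolution` default, which is TRUE in epan/addr_resolv.c, so users who turned the option off to keep capture-supplied names out of the display get it switched back on after upgrading without any notice. I would map the old key onto `gbl_resolv_flags.dns_pkt_addr_resolution` in the code that handles old preference names when the preferences file is read (not part of this hunk), or at least state the reset in the release notes. The static text preference also passes the same string as both title and description.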
diff --git a/epan/prefs.c b/epan/prefs.c
index 4b993001ef..16f08be70c 100644
--- a/epan/prefs.c
+++ b/epan/prefs.c
@@ -3761,6 +3761,9 @@ string_to_name_resolve(const char *string, e_addr_resolve *name_resolve)
case 'C':
name_resolve->concurrent_dns = TRUE;
break;
+ case 'd':
+ name_resolve->dns_pkt_addr_resolution = TRUE;
+ break;
default:
/*
* Unrecognized letter.
@@ -3936,17 +3939,11 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_,
gbl_resolv_flags.concurrent_dns = TRUE;
}
else if (g_ascii_strcasecmp(value, "false") == 0) {
- gbl_resolv_flags.mac_name = FALSE;
- gbl_resolv_flags.network_name = FALSE;
- gbl_resolv_flags.transport_name = FALSE;
- gbl_resolv_flags.concurrent_dns = FALSE;
+ disable_name_resolution();
}
else {
/* start out with none set */
- gbl_resolv_flags.mac_name = FALSE;
- gbl_resolv_flags.network_name = FALSE;
- gbl_resolv_flags.transport_name = FALSE;
- gbl_resolv_flags.concurrent_dns = FALSE;
+ disable_name_resolution();
if (string_to_name_resolve(value, &gbl_resolv_flags) != '\0')
return PREFS_SET_SYNTAX_ERR;
}
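Review bot: The "false" branch now clears six flags through `disable_name_resolution()`, while the "true" branch above it, of which only `gbl_resolv_flags.concurrent_dns = TRUE;` is visible here, presumably still sets just the original four. The two values of this legacy preference are then no longer opposites. In the final `else`, a flag string written before `N` and `d` existed now switches the external resolver and DNS-packet resolution off, where the old code left them untouched. Either add `gbl_resolv_flags.dns_pkt_addr_resolution = TRUE;` and `gbl_resolv_flags.use_external_net_name_resolver = TRUE;` to the "true" branch, or add a comment saying the asymmetry is intended. `set_pref` begins and ends outside this hunk.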
diff --git a/rawshark.c b/rawshark.c
index 6981f6d3a5..c44bacef4b 100644
--- a/rawshark.c
+++ b/rawshark.c
@@ -201,7 +201,7 @@ print_usage(FILE *output)
fprintf(output, " packet encapsulation or protocol\n");
fprintf(output, " -F <field> field to display\n");
fprintf(output, " -n disable all name resolution (def: all enabled)\n");
- fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
+ fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " -p use the system's packet header format\n");
fprintf(output, " (which may have 64-bit timestamps)\n");
fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
@@ -636,15 +636,12 @@ DIAG_ON(cast-qual)
line_buffered = TRUE;
break;
case 'n': /* No name resolution */
- gbl_resolv_flags.mac_name = FALSE;
- gbl_resolv_flags.network_name = FALSE;
- gbl_resolv_flags.transport_name = FALSE;
- gbl_resolv_flags.concurrent_dns = FALSE;
+ disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
if (badopt != '\0') {
- cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+ cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
badopt);
exit(1);
}
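Review bot: The new error text has an unbalanced quote in its list of valid options, `m'` where `'m'` is meant. The message should end `valid options are 'C', 'd', 'm', 'n', 'N', and 't'"`. The same string appears in the `-N` handling in ui/gtk/main.c and wireshark-qt.cpp in this commit and needs the same fix; tshark.c prints a multi-line list and is not affected.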
diff --git a/tshark.c b/tshark.c
index 1ad7e0899a..6d1489a3be 100644
--- a/tshark.c
+++ b/tshark.c
@@ -345,7 +345,7 @@ print_usage(FILE *output)
fprintf(output, " -Y <display filter> packet displaY filter in Wireshark display filter\n");
fprintf(output, " syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
- fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
+ fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " -d %s ...\n", decode_as_arg_template);
fprintf(output, " \"Decode As\", see the man page for details\n");
fprintf(output, " Example: tcp.port==8888,http\n");
@@ -1520,10 +1520,7 @@ DIAG_ON(cast-qual)
#endif
break;
case 'n': /* No name resolution */
- gbl_resolv_flags.mac_name = FALSE;
- gbl_resolv_flags.network_name = FALSE;
- gbl_resolv_flags.transport_name = FALSE;
- gbl_resolv_flags.concurrent_dns = FALSE;
+ disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
@@ -1531,6 +1528,7 @@ DIAG_ON(cast-qual)
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:",
badopt);
cmdarg_err_cont("\t'C' to enable concurrent (asynchronous) DNS lookups\n"
+ "\t'd' to enable address resolution from captured DNS packets\n"
"\t'm' to enable MAC address resolution\n"
"\t'n' to enable network address resolution\n"
"\t'N' to enable using external resolvers (e.g., DNS)\n"
diff --git a/ui/gtk/main.c b/ui/gtk/main.c
index b5cd7922bc..d3512c3404 100644
--- a/ui/gtk/main.c
+++ b/ui/gtk/main.c
@@ -952,7 +952,15 @@ void collapse_tree_cb(GtkWidget *widget _U_, gpointer data _U_)
void resolve_name_cb(GtkWidget *widget _U_, gpointer data _U_)
{
- static const e_addr_resolve resolv_flags = {TRUE, TRUE, TRUE, TRUE, TRUE, FALSE};
+ static const e_addr_resolve resolv_flags = {
+ TRUE, /* mac_name */
+ TRUE, /* network_name */
+ TRUE, /* transport_name */
+ TRUE, /* concurrent_dns */
+ TRUE, /* dns_pkt_addr_resolution */
+ TRUE, /* use_external_net_name_resolver */
+ FALSE /* load_hosts_file_from_profile_only */
+ };
if (cfile.edt->tree) {
proto_tree_draw_resolve(cfile.edt->tree, tree_view_gbl, &resolv_flags);
@@ -1231,7 +1239,7 @@ print_usage(gboolean for_help_option) {
fprintf(output, "Processing:\n");
fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
- fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
+ fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " --disable-protocol <proto_name>\n");
fprintf(output, " disable dissection of proto_name\n");
fprintf(output, " --enable-heuristic <short_name>\n");
@@ -2682,15 +2690,12 @@ DIAG_ON(cast-qual)
prefs_p->gui_gtk2_font_name = g_strdup(optarg);
break;
case 'n': /* No name resolution */
- gbl_resolv_flags.mac_name = FALSE;
- gbl_resolv_flags.network_name = FALSE;
- gbl_resolv_flags.transport_name = FALSE;
- gbl_resolv_flags.concurrent_dns = FALSE;
+ disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
if (badopt != '\0') {
- cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+ cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
badopt);
exit(1);
}
diff --git a/wireshark-qt.cpp b/wireshark-qt.cpp
index 6ac94b451c..4e3e54f5f5 100644
--- a/wireshark-qt.cpp
+++ b/wireshark-qt.cpp
@@ -215,7 +215,7 @@ print_usage(gboolean for_help_option) {
fprintf(output, "Processing:\n");
fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
- fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
+ fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " --disable-protocol <proto_name>\n");
fprintf(output, " disable dissection of proto_name\n");
fprintf(output, " --enable-heuristic <short_name>\n");
@@ -971,15 +971,12 @@ DIAG_ON(cast-qual)
/* Not supported yet */
break;
case 'n': /* No name resolution */
- gbl_resolv_flags.mac_name = FALSE;
- gbl_resolv_flags.network_name = FALSE;
- gbl_resolv_flags.transport_name = FALSE;
- gbl_resolv_flags.concurrent_dns = FALSE;
+ disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
if (badopt != '\0') {
- cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+ cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
badopt);
exit(1);
}