Add initial pcapng name resolution record support. Wireshark has read

support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.

This uses "struct addrinfo" in many places and probably won't compile on
some platforms.

svn path=/trunk/; revision=36318

2 files changed, 52 insertions, 0 deletions

diff --git a/doc/editcap.pod b/doc/editcap.pod
index bf699723b5..deea34ea76 100644
--- a/doc/editcap.pod
+++ b/doc/editcap.pod
@@ -10,6 +10,8 @@ S<[ B<-c> E<lt>packets per fileE<gt> ]>
 S<[ B<-C> E<lt>choplenE<gt> ]>
 S<[ B<-E> E<lt>error probabilityE<gt> ]>
 S<[ B<-F> E<lt>file formatE<gt> ]>
+S<[ B<-W> E<lt>file format optionE<gt>]>
+S<[ B<-H> E<lt>input hosts file<gt> ]>
 S<[ B<-A> E<lt>start timeE<gt> ]>
 S<[ B<-B> E<lt>stop timeE<gt> ]>
 S<[ B<-h> ]>
@@ -150,6 +152,30 @@ B<Editcap> can write the file in several formats, B<editcap -F>
 provides a list of the available output formats. The default
 is the B<libpcap> format.
 
+=item -W  E<lt>file format optionE<gt>
+
+Save extra information in the file if the format supports it. For
+example,
+
+  -F pcapng -W n
+
+will save host name resolution records along with captured packets.
+
+Future versions of Wireshark may automatically change the capture format to
+B<pcapng> as needed.
+
+The argument is a string that may contain the following letter:
+
+B<n> write network address resolution information (pcapng only)
+
+=item -H  E<lt>input "hosts" fileE<gt>
+
+Read a list of address to host name mappings and include the result in
+the output file. Implies B<-W n>.
+
+The input file format is described at
+L<http://en.wikipedia.org/wiki/Hosts_%28file%29>.
+
 =item -A  E<lt>start timeE<gt>
 
 Saves only the packets whose timestamp is on or after start time.
diff --git a/doc/tshark.pod b/doc/tshark.pod
index 7d94e4e8af..8813cc43ca 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -18,6 +18,7 @@ S<[ B<-E> E<lt>field print optionE<gt> ]>
 S<[ B<-f> E<lt>capture filterE<gt> ]>
 S<[ B<-F> E<lt>file formatE<gt> ]>
 S<[ B<-h> ]>
+S<[ B<-H> E<lt>input hosts fileE<gt> ]>
 S<[ B<-i> E<lt>capture interfaceE<gt>|- ]>
 S<[ B<-I> ]>
 S<[ B<-K> E<lt>keytabE<gt> ]>
@@ -37,6 +38,7 @@ S<[ B<-T> pdml|psml|ps|text|fields ]>
 S<[ B<-v> ]>
 S<[ B<-V> ]>
 S<[ B<-w> E<lt>outfileE<gt>|- ]>
+S<[ B<-W> E<lt>file format optionE<gt>]>
 S<[ B<-x> ]>
 S<[ B<-X> E<lt>eXtension optionE<gt>]>
 S<[ B<-y> E<lt>capture link typeE<gt> ]>
@@ -398,6 +400,14 @@ B<currentprefs>  Dumps a copy of the current preferences file to stdout.
 
 Print the version and options and exits.
 
+=item -H  E<lt>input hosts fileE<gt>
+
+Read a list of entries from a "hosts" file, which will then be written
+to a capture file. Implies B<-W n>.
+
+The "hosts" file format is documented at
+L<http://en.wikipedia.org/wiki/Hosts_(file)>.
+
 =item -i  E<lt>capture interfaceE<gt> | -
 
 Set the name of the network interface or pipe to use for live packet
@@ -617,6 +627,22 @@ NOTE: -w provides raw packet data, not text. If you want text output
 you need to redirect stdout (e.g. using '>'), don't use the B<-w>
 option for this.
 
+=item -W  E<lt>file format optionE<gt>
+
+Save extra information in the file if the format supports it. For
+example,
+
+  -F pcapng -W n
+
+will save host name resolution records along with captured packets.
+
+Future versions of Wireshark may automatically change the capture format to
+B<pcapng> as needed.
+
+The argument is a string that may contain the following letter:
+
+B<n> write network address resolution information (pcapng only)
+
 =item -x
 
 Cause B<TShark> to print a hex and ASCII dump of the packet data