author | John Thacker <johnthacker@gmail.com> | 2024-01-21 07:51:03 -0500 |
---|---|---|
committer | AndersBroman <a.broman58@gmail.com> | 2024-01-24 15:42:46 +0000 |
commit | 08cf0e9553e77a915fdec5952960bcdda6e3ac04 (patch) | |
tree | 13aec0d1b73aac88b86ee103c650866ee8488402 /epan/addr_resolv.c | |
parent | 70e78cd390f0e82c69899fb80d3bee39d4432c1b (diff) |
file: Don't recompile the dfilter during a live capture

Saving only the dfilter text and recompiling the code when
[re]dissecting or scanning groups of packets operates on the
explicit assumption that previously validated filter text will
always compile to valid filter code.

That assumption is not true; while we invalidate the filter and
replace the text with NULL if display filter macros change or
other aspects of the packet matching expressions change so that
the previous text is no longer valid, display filters that match
FT_IPv4 or FT_IPv6 fields to resolved hostnames require a host
name lookup each time they are compiled, which can time out, especially
if there are too many requests in flight at once. This is particularly
likely if a recompilation is performed each time additional frames
arrive during a live capture.

It is important to stress that the stronger, implicit assumption that
the display filter will compile to the same code is also false.

1) Display filters that require host name lookup can change even if
it doesn't time out.
2) Display filter macros can change.
3) Display filters with field references will change if the selected
frame has changed.

In the case of a rescan, redissection, reload, retap, or opening a
new file, we want the new dfcode. For cf_continue_tail and
cf_finish_tail, when a new batch of frames have arrived, we might
be able to cache the host lookup for 1), and a user might want the
new macro definitions in 2) (but in that case, why not a rescan of
all packets?), but almost surely for 3) wants the field references
of the frame selected in the GUI when the filter was applied, not
whatever frame is currently selected when new packets arrive. So
we keep the old dfcode, and also reduce recompilation (which becomes
more important as the default update interval can be reduced, cf.
f0712606a3d014a915e585997f624640b326b9c0 ).

Currently filters with field references don't work at all with
newly arrived frames in live captures, because the references
aren't loaded to the code. This fixes that by using the field
references from the original frame.

Cf. 1370d2f738f4ec4b7a00f63e5f04fe916da79533

Fix #19612. Fix #12517.
Diffstat (limited to 'epan/addr_resolv.c')
-rw-r--r-- | epan/addr_resolv.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/epan/addr_resolv.c b/epan/addr_resolv.c index 1e4d50017f..5e5d611b3d 100644 --- a/epan/addr_resolv.c +++ b/epan/addr_resolv.c @@ -3779,6 +3779,8 @@ c_ares_ghi_cb(void *arg, int status, int timeouts _U_, struct hostent *hp) { /* * XXX - If we wanted to be really fancy we could cache results here and * look them up in get_host_ipaddr* below. + * + * XXX - This only gets the first host address if there's more than one. */ async_hostent_t *ahp = (async_hostent_t *)arg; if (status == ARES_SUCCESS && hp && ahp && hp->h_length == ahp->addr_size) { @@ -3811,6 +3813,9 @@ get_host_ipaddr(const char *host, guint32 *addrp) /* If we're not allowed to do name resolution, don't do name * resolution... + * XXX - What if we're allowed to do name resolution, and the name + * is in a DNS packet we've dissected or in a Name Resolution Block, + * or a user-entered manual name resolution? */ if (!gbl_resolv_flags.network_name || !gbl_resolv_flags.use_external_net_name_resolver) { @@ -3873,6 +3878,9 @@ get_host_ipaddr6(const char *host, ws_in6_addr *addrp) /* If we're not allowed to do name resolution, don't do name * resolution... + * XXX - What if we're allowed to do name resolution, and the name + * is in a DNS packet we've dissected or in a Name Resolution Block, + * or a user-entered manual name resolution? */ if (!gbl_resolv_flags.network_name || !gbl_resolv_flags.use_external_net_name_resolver) { |
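Review bot: In the first hunk (c_ares_ghi_cb), the new note "This only gets the first host address if there's more than one" records the limitation but not what it means for callers. The commit message says a filter that needs a host name lookup can compile to different code on each compilation, so it would help to say here that a name with several addresses yields a single comparison value, and that which address it is depends on the order of the returned hostent. Someone filtering on a multi-homed host during triage would otherwise have no hint that matching packets can be missed.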
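Review bot: In the second hunk (get_host_ipaddr), the added XXX asks about the case where "we're allowed to do name resolution", but it sits inside the comment for the early return taken when resolution is not allowed, and the guard below tests two separate flags, gbl_resolv_flags.network_name and gbl_resolv_flags.use_external_net_name_resolver. Please state which combination the question is about (for example network_name set with the external resolver disabled, which currently takes this early return) and consider moving the note next to the code path it would change, so the open question is unambiguous to whoever picks it up.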
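Review bot: In the third hunk (get_host_ipaddr6), the three added XXX lines are a verbatim copy of the ones added to get_host_ipaddr. Duplicated open questions tend to drift apart once one copy is edited or resolved; suggest keeping the full text in one place and pointing to it from the other with a short "see the note in get_host_ipaddr()" line.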