-rw-r--r-- | debian/libwireshark0.symbols | 1 | ||||
-rw-r--r-- | doc/rawshark.pod | 2 | ||||
-rw-r--r-- | doc/tshark.pod | 2 | ||||
-rw-r--r-- | doc/wireshark.pod.template | 2 | ||||
-rw-r--r-- | docbook/wsug_src/WSUG_app_tools.asciidoc | 4 | ||||
-rw-r--r-- | docbook/wsug_src/WSUG_chapter_customize.asciidoc | 5 | ||||
-rw-r--r-- | epan/addr_resolv.c | 25 | ||||
-rw-r--r-- | epan/addr_resolv.h | 21 | ||||
-rw-r--r-- | epan/dissectors/packet-dns.c | 16 | ||||
-rw-r--r-- | epan/prefs.c | 13 | ||||
-rw-r--r-- | rawshark.c | 9 | ||||
-rw-r--r-- | tshark.c | 8 | ||||
-rw-r--r-- | ui/gtk/main.c | 19 | ||||
-rw-r--r-- | wireshark-qt.cpp | 9 |
14 files changed, 84 insertions, 52 deletions
diff --git a/debian/libwireshark0.symbols b/debian/libwireshark0.symbols index bf4b853c7a..65a0288eca 100644 --- a/debian/libwireshark0.symbols +++ b/debian/libwireshark0.symbols @@ -242,6 +242,7 @@ libwireshark.so.0 libwireshark0 #MINVER# dfilter_macro_build_ftv_cache@Base 1.9.1 dfilter_macro_foreach@Base 1.9.1 dfilter_macro_get_uat@Base 1.9.1 + disable_name_resolution@Base 1.99.9 display_epoch_time@Base 1.9.1 display_signed_time@Base 1.9.1 dissect_IDispatch_GetIDsOfNames_resp@Base 1.9.1 diff --git a/doc/rawshark.pod b/doc/rawshark.pod index 66be74f9c6..be8f680c17 100644 --- a/doc/rawshark.pod +++ b/doc/rawshark.pod @@ -172,6 +172,8 @@ B<t> to enable transport-layer port number resolution B<C> to enable concurrent (asynchronous) DNS lookups +B<d> to enable resolution from captured DNS packets + =item -o E<lt>preferenceE<gt>:E<lt>valueE<gt> Set a preference value, overriding the default value and any value read diff --git a/doc/tshark.pod b/doc/tshark.pod index 3b32d73b7e..0467dc1c0f 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -571,6 +571,8 @@ The argument is a string that may contain the letters: B<C> to enable concurrent (asynchronous) DNS lookups +B<d> to enable resolution from captured DNS packets + B<m> to enable MAC address resolution B<n> to enable network address resolution diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template index 347f4ea9ac..5deb1aca5b 100644 --- a/doc/wireshark.pod.template +++ b/doc/wireshark.pod.template @@ -470,6 +470,8 @@ B<t> to enable transport-layer port number resolution B<C> to enable concurrent (asynchronous) DNS lookups +B<d> to enable resolution from captured DNS packets + =item -o E<lt>preference/recent settingE<gt> Set a preference or recent value, overriding the default value and any value diff --git a/docbook/wsug_src/WSUG_app_tools.asciidoc b/docbook/wsug_src/WSUG_app_tools.asciidoc index 1a5c3098cd..ad5c02ecae 100644 --- a/docbook/wsug_src/WSUG_app_tools.asciidoc 
+++ b/docbook/wsug_src/WSUG_app_tools.asciidoc @@ -67,7 +67,7 @@ Processing: -Y <display filter> packet displaY filter in Wireshark display filter syntax -n disable all name resolutions (def: all enabled) - -N <name resolve flags> enable specific name resolution(s): "mntC" + -N <name resolve flags> enable specific name resolution(s): "mnNtCd" -d <layer_type>==<selector>,<decode_as_protocol> ... "Decode As", see the man page for details Example: tcp.port==8888,http @@ -330,7 +330,7 @@ Processing: packet encapsulation or protocol -F <field> field to display -n disable all name resolution (def: all enabled) - -N <name resolve flags> enable specific name resolution(s): "mntC" + -N <name resolve flags> enable specific name resolution(s): "mnNtCd" -p use the system's packet header format (which may have 64-bit timestamps) -R <read filter> packet filter in Wireshark display filter syntax diff --git a/docbook/wsug_src/WSUG_chapter_customize.asciidoc b/docbook/wsug_src/WSUG_chapter_customize.asciidoc index f33b54430d..219547770d 100644 --- a/docbook/wsug_src/WSUG_chapter_customize.asciidoc +++ b/docbook/wsug_src/WSUG_chapter_customize.asciidoc @@ -77,7 +77,7 @@ Input file: Processing: -R <read filter> packet filter in Wireshark display filter syntax -n disable all name resolutions (def: all enabled) - -N <name resolve flags> enable specific name resolution(s): "mntC" + -N <name resolve flags> enable specific name resolution(s): "mnNtCd" --disable-protocol <proto_name> disable dissection of proto_name Repeat option for each protocol --enable-heuristic <short_name> enable dissection of heuristic protocol 
@@ -289,7 +289,8 @@ Turns on name resolving for particular types of addresses and port numbers. The argument is a string that may contain the letters `m` to enable MAC address resolution, `n` to enable network address resolution, and `t` to enable transport-layer port number resolution. This overrides `-n` if both `-N` and -`-n` are present. The letter C enables concurrent (asynchronous) DNS lookups. +`-n` are present. The letter `C` enables concurrent (asynchronous) DNS lookups. +The letter `d` enables resolution from captured DNS packets. -o <preference or recent settings>:: diff --git a/epan/addr_resolv.c b/epan/addr_resolv.c index 76b9c7e078..ee0f1aa9ab 100644 --- a/epan/addr_resolv.c +++ b/epan/addr_resolv.c @@ -299,7 +299,15 @@ ipv6_equal(gconstpointer v1, gconstpointer v2) /* * Flag controlling what names to resolve. */ -e_addr_resolve gbl_resolv_flags = {TRUE, FALSE, FALSE, TRUE, TRUE, FALSE}; +e_addr_resolve gbl_resolv_flags = { + TRUE, /* mac_name */ + FALSE, /* network_name */ + FALSE, /* transport_name */ + TRUE, /* concurrent_dns */ + TRUE, /* dns_pkt_addr_resolution */ + TRUE, /* use_external_net_name_resolver */ + FALSE /* load_hosts_file_from_profile_only */ +}; #if defined(HAVE_C_ARES) || defined(HAVE_GNU_ADNS) static guint name_resolve_concurrency = 500; #endif @@ -2414,6 +2422,11 @@ addr_resolve_pref_init(module_t *nameres) " capture file name resolution blocks and DNS packets in the capture.", &gbl_resolv_flags.network_name); + prefs_register_bool_preference(nameres, "dns_pkt_addr_resolution", + "Use captured DNS packet data for address resolution", + "Whether address/name pairs found in captured DNS packets should be used by Wireshark for name resolution.", + &gbl_resolv_flags.dns_pkt_addr_resolution); + prefs_register_bool_preference(nameres, "use_external_name_resolver", "Use an external network name resolver", "Use your system's configured name resolver" 
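Review bot: The `gbl_resolv_flags` initializer in epan/addr_resolv.c is still positional, while this commit inserts `dns_pkt_addr_resolution` into the middle of `e_addr_resolve`. Any other brace initializer of that struct that was not updated now shifts silently: an old six-value list would put its fifth value into `dns_pkt_addr_resolution` and its sixth into `use_external_net_name_resolver`. The per-field comments added here help, and `resolv_flags` in ui/gtk/main.c gets the same treatment, but it is worth searching the tree for remaining `e_addr_resolve` initializers, which this page does not show. If the project's supported compilers allow it, designated initializers such as `.mac_name = TRUE,` would make the field order irrelevant.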
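Review bot: The description registered for `dns_pkt_addr_resolution` in addr_resolve_pref_init() does not say that these names are taken from the capture itself and are not checked against any resolver, yet the flag defaults to TRUE in `gbl_resolv_flags`. Someone analysing a capture of untrusted traffic should know that a host name shown next to an address may have been supplied by a DNS answer inside that same capture. I would extend the tooltip text, for example by appending `" Names learned this way come from the capture and are not verified."`. Only part of addr_resolve_pref_init() is visible in this hunk.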
@@ -2453,6 +2466,16 @@ addr_resolve_pref_init(module_t *nameres) } +void +disable_name_resolution(void) { + gbl_resolv_flags.mac_name = FALSE; + gbl_resolv_flags.network_name = FALSE; + gbl_resolv_flags.transport_name = FALSE; + gbl_resolv_flags.concurrent_dns = FALSE; + gbl_resolv_flags.dns_pkt_addr_resolution = FALSE; + gbl_resolv_flags.use_external_net_name_resolver = FALSE; +} + #ifdef HAVE_C_ARES gboolean host_name_lookup_process(void) { diff --git a/epan/addr_resolv.h b/epan/addr_resolv.h index 25bd0156d1..c60e2c5180 100644 --- a/epan/addr_resolv.h +++ b/epan/addr_resolv.h @@ -47,13 +47,17 @@ extern "C" { #define MAXNAMELEN 64 /* max name length (hostname and port name) */ #endif +/** + * @brief Flags to control name resolution. + */ typedef struct _e_addr_resolve { - gboolean mac_name; - gboolean network_name; - gboolean transport_name; - gboolean concurrent_dns; - gboolean use_external_net_name_resolver; - gboolean load_hosts_file_from_profile_only; + gboolean mac_name; /**< Whether to resolve Ethernet MAC to manufacturer names */ + gboolean network_name; /**< Whether to resolve IPv4, IPv6, and IPX addresses into host names */ + gboolean transport_name; /**< Whether to resolve TCP/UDP ports into service names */ + gboolean concurrent_dns; /**< Whether to use concurrent DNS name resolution */ + gboolean dns_pkt_addr_resolution; /**< Whether to resolve addresses using captured DNS packets */ + gboolean use_external_net_name_resolver; /**< Whether to system's configured DNS server to resolve names */ + gboolean load_hosts_file_from_profile_only; /**< Whether to only load the hosts in the current profile, not hosts files */ } e_addr_resolve; struct hashether; 
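Review bot: disable_name_resolution() has no comment at its definition, and the header's "all relevant gbl_resolv_flags" does not say which flags are meant. The function clears six fields and leaves `load_hosts_file_from_profile_only` unchanged, whereas the call sites it replaces elsewhere in this commit cleared only four. As a result `-n` and the legacy preference path now also switch off `use_external_net_name_resolver` and `dns_pkt_addr_resolution`. I would record that above the function, e.g. `/* Turn off every kind of name resolution: MAC, network, transport, concurrent DNS, captured DNS packets and the external resolver. load_hosts_file_from_profile_only is left unchanged. */`.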
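Review bot: The new Doxygen comment on `use_external_net_name_resolver` in epan/addr_resolv.h is missing its verb: "Whether to system's configured DNS server to resolve names". It should read `/**< Whether to use the system's configured DNS server to resolve names */`. The comment on `load_hosts_file_from_profile_only` ("not hosts files") is also hard to parse. Something like `/**< Whether to load only the hosts file of the current profile, not the other hosts files */` would be clearer, if that matches the intended meaning.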
@@ -138,6 +142,11 @@ WS_DLL_PUBLIC gchar *sctp_port_to_display(wmem_allocator_t *allocator, guint por struct pref_module; extern void addr_resolve_pref_init(struct pref_module *nameres); +/* + * disable_name_resolution() sets all relevant gbl_resolv_flags to FALSE. + */ +WS_DLL_PUBLIC void disable_name_resolution(void); + /** If we're using c-ares or ADNS, process outstanding host name lookups. * This is called from a GLIB timeout in Wireshark and before processing * each packet in TShark. diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c index 2964961ece..96eb76fffc 100644 --- a/epan/dissectors/packet-dns.c +++ b/epan/dissectors/packet-dns.c @@ -420,9 +420,6 @@ static range_t *global_dns_udp_port_range; /* desegmentation of DNS over TCP */ static gboolean dns_desegment = TRUE; -/* whether or not to use DNS data we see in packets to resolve addresses */ -static gboolean dns_use_for_addr_resolution = TRUE; - /* Dissector handle for GSSAPI */ static dissector_handle_t gssapi_handle; static dissector_handle_t ntlmssp_handle; @@ -1814,7 +1811,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset, proto_item_append_text(trr, ", addr %s", addr); proto_tree_add_item(rr_tree, hf_dns_a, tvb, cur_offset, 4, ENC_BIG_ENDIAN); - if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) { + if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) { guint32 addr_int; tvb_memcpy(tvb, &addr_int, cur_offset, sizeof(addr_int)); add_ipv4_name(addr_int, name); @@ -2425,7 +2422,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset, proto_tree_add_item(rr_tree, hf_dns_aaaa, tvb, cur_offset, 16, ENC_NA); - if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) { + if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) { struct e_in6_addr addr_in6; tvb_memcpy(tvb, &addr_in6, cur_offset, sizeof(addr_in6)); add_ipv6_name(&addr_in6, name); 
@@ -5616,10 +5613,11 @@ proto_register_dns(void) " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", &dns_desegment); - prefs_register_bool_preference(dns_module, "use_for_addr_resolution", - "Use DNS packet data for address resolution", - "Whether address/name pairs found in dissected DNS packets should be used by Wireshark for name resolution.", - &dns_use_for_addr_resolution); + prefs_register_obsolete_preference(dns_module, "use_for_addr_resolution"); + + prefs_register_static_text_preference(dns_module, "text_use_for_addr_resolution", + "DNS address resolution settings can be changed in the Name Resolution preferences", + "DNS address resolution settings can be changed in the Name Resolution preferences"); dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC Dissectors", FT_STRING, BASE_NONE); diff --git a/epan/prefs.c b/epan/prefs.c index 4b993001ef..16f08be70c 100644 --- a/epan/prefs.c +++ b/epan/prefs.c @@ -3761,6 +3761,9 @@ string_to_name_resolve(const char *string, e_addr_resolve *name_resolve) case 'C': name_resolve->concurrent_dns = TRUE; break; + case 'd': + name_resolve->dns_pkt_addr_resolution = TRUE; + break; default: /* * Unrecognized letter. @@ -3936,17 +3939,11 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_, gbl_resolv_flags.concurrent_dns = TRUE; } else if (g_ascii_strcasecmp(value, "false") == 0) { - gbl_resolv_flags.mac_name = FALSE; - gbl_resolv_flags.network_name = FALSE; - gbl_resolv_flags.transport_name = FALSE; - gbl_resolv_flags.concurrent_dns = FALSE; + disable_name_resolution(); } else { /* start out with none set */ - gbl_resolv_flags.mac_name = FALSE; - gbl_resolv_flags.network_name = FALSE; - gbl_resolv_flags.transport_name = FALSE; - gbl_resolv_flags.concurrent_dns = FALSE; + disable_name_resolution(); if (string_to_name_resolve(value, &gbl_resolv_flags) != '\0') return PREFS_SET_SYNTAX_ERR; } 
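Review bot: Marking `use_for_addr_resolution` obsolete in proto_register_dns() discards whatever value a user had stored for it, and nothing in the visible hunks carries that value over to the new `dns_pkt_addr_resolution` preference. Because the new flag defaults to TRUE, a user who had turned the DNS preference off would get resolution from captured DNS packets switched back on after upgrading. If prefs.c has a place where renamed preferences are mapped to their new variable (not shown on this page), the old name should be mapped there to `gbl_resolv_flags.dns_pkt_addr_resolution`; otherwise the change should at least be called out in the release notes. proto_register_dns() extends outside the hunk.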
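Review bot: In set_pref() both the "false" branch and the flag-string branch now call disable_name_resolution(), which also clears `use_external_net_name_resolver` and `dns_pkt_addr_resolution`. Those two flags appear to have their own boolean preferences in addr_resolve_pref_init(). The only line of the "true" branch visible here sets `concurrent_dns`, so the two directions may no longer be symmetric, and the final value of the two extra flags could depend on the order in which the preferences file lists the settings. If this legacy setting is meant to govern only the four original flags, keep the four explicit assignments here; if it is meant to govern all of them, the "true" branch should set the new ones as well. set_pref() begins and ends outside the hunk.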
diff --git a/rawshark.c b/rawshark.c index 6981f6d3a5..c44bacef4b 100644 --- a/rawshark.c +++ b/rawshark.c @@ -201,7 +201,7 @@ print_usage(FILE *output) fprintf(output, " packet encapsulation or protocol\n"); fprintf(output, " -F <field> field to display\n"); fprintf(output, " -n disable all name resolution (def: all enabled)\n"); - fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n"); + fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n"); fprintf(output, " -p use the system's packet header format\n"); fprintf(output, " (which may have 64-bit timestamps)\n"); fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n"); @@ -636,15 +636,12 @@ DIAG_ON(cast-qual) line_buffered = TRUE; break; case 'n': /* No name resolution */ - gbl_resolv_flags.mac_name = FALSE; - gbl_resolv_flags.network_name = FALSE; - gbl_resolv_flags.transport_name = FALSE; - gbl_resolv_flags.concurrent_dns = FALSE; + disable_name_resolution(); break; case 'N': /* Select what types of addresses/port #s to resolve */ badopt = string_to_name_resolve(optarg, &gbl_resolv_flags); if (badopt != '\0') { - cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'", + cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'", badopt); exit(1); } 
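Review bot: The new `-N` error message in rawshark.c has an unbalanced quote, `'d', m', 'n'`, so the text printed to the user is malformed. It should read `valid options are 'C', 'd', 'm', 'n', 'N', and 't'`. The same string is added in the ui/gtk/main.c and wireshark-qt.cpp hunks further down. All three copies could instead use the multi-line `cmdarg_err_cont` form that a later hunk on this page already uses, so the letters are described once and consistently.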
@@ -345,7 +345,7 @@ print_usage(FILE *output) fprintf(output, " -Y <display filter> packet displaY filter in Wireshark display filter\n"); fprintf(output, " syntax\n"); fprintf(output, " -n disable all name resolutions (def: all enabled)\n"); - fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n"); + fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n"); fprintf(output, " -d %s ...\n", decode_as_arg_template); fprintf(output, " \"Decode As\", see the man page for details\n"); fprintf(output, " Example: tcp.port==8888,http\n"); @@ -1520,10 +1520,7 @@ DIAG_ON(cast-qual) #endif break; case 'n': /* No name resolution */ - gbl_resolv_flags.mac_name = FALSE; - gbl_resolv_flags.network_name = FALSE; - gbl_resolv_flags.transport_name = FALSE; - gbl_resolv_flags.concurrent_dns = FALSE; + disable_name_resolution(); break; case 'N': /* Select what types of addresses/port #s to resolve */ badopt = string_to_name_resolve(optarg, &gbl_resolv_flags); @@ -1531,6 +1528,7 @@ DIAG_ON(cast-qual) cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:", badopt); cmdarg_err_cont("\t'C' to enable concurrent (asynchronous) DNS lookups\n" + "\t'd' to enable address resolution from captured DNS packets\n" "\t'm' to enable MAC address resolution\n" "\t'n' to enable network address resolution\n" "\t'N' to enable using external resolvers (e.g., DNS)\n" diff --git a/ui/gtk/main.c b/ui/gtk/main.c index b5cd7922bc..d3512c3404 100644 --- a/ui/gtk/main.c +++ b/ui/gtk/main.c 
@@ -952,7 +952,15 @@ void collapse_tree_cb(GtkWidget *widget _U_, gpointer data _U_) void resolve_name_cb(GtkWidget *widget _U_, gpointer data _U_) { - static const e_addr_resolve resolv_flags = {TRUE, TRUE, TRUE, TRUE, TRUE, FALSE}; + static const e_addr_resolve resolv_flags = { + TRUE, /* mac_name */ + TRUE, /* network_name */ + TRUE, /* transport_name */ + TRUE, /* concurrent_dns */ + TRUE, /* dns_pkt_addr_resolution */ + TRUE, /* use_external_net_name_resolver */ + FALSE /* load_hosts_file_from_profile_only */ + }; if (cfile.edt->tree) { proto_tree_draw_resolve(cfile.edt->tree, tree_view_gbl, &resolv_flags); @@ -1231,7 +1239,7 @@ print_usage(gboolean for_help_option) { fprintf(output, "Processing:\n"); fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n"); fprintf(output, " -n disable all name resolutions (def: all enabled)\n"); - fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n"); + fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n"); fprintf(output, " --disable-protocol <proto_name>\n"); fprintf(output, " disable dissection of proto_name\n"); fprintf(output, " --enable-heuristic <short_name>\n"); @@ -2682,15 +2690,12 @@ DIAG_ON(cast-qual) prefs_p->gui_gtk2_font_name = g_strdup(optarg); break; case 'n': /* No name resolution */ - gbl_resolv_flags.mac_name = FALSE; - gbl_resolv_flags.network_name = FALSE; - gbl_resolv_flags.transport_name = FALSE; - gbl_resolv_flags.concurrent_dns = FALSE; + disable_name_resolution(); break; case 'N': /* Select what types of addresses/port #s to resolve */ badopt = string_to_name_resolve(optarg, &gbl_resolv_flags); if (badopt != '\0') { - cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'", + cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'", badopt); exit(1); } 
diff --git a/wireshark-qt.cpp b/wireshark-qt.cpp index 6ac94b451c..4e3e54f5f5 100644 --- a/wireshark-qt.cpp +++ b/wireshark-qt.cpp @@ -215,7 +215,7 @@ print_usage(gboolean for_help_option) { fprintf(output, "Processing:\n"); fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n"); fprintf(output, " -n disable all name resolutions (def: all enabled)\n"); - fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n"); + fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n"); fprintf(output, " --disable-protocol <proto_name>\n"); fprintf(output, " disable dissection of proto_name\n"); fprintf(output, " --enable-heuristic <short_name>\n"); @@ -971,15 +971,12 @@ DIAG_ON(cast-qual) /* Not supported yet */ break; case 'n': /* No name resolution */ - gbl_resolv_flags.mac_name = FALSE; - gbl_resolv_flags.network_name = FALSE; - gbl_resolv_flags.transport_name = FALSE; - gbl_resolv_flags.concurrent_dns = FALSE; + disable_name_resolution(); break; case 'N': /* Select what types of addresses/port #s to resolve */ badopt = string_to_name_resolve(optarg, &gbl_resolv_flags); if (badopt != '\0') { - cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'", + cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'", badopt); exit(1); } |