DNS: move DNS name resolution pref to Name Resolution prefs

Move the boolean flag for using captured DNS packet info for name resolution
to the Name Resolution preferences settings, as it was rather surprising to
disable Name Resolution preferences and still have names being resolved. Also
disable them all if the '-n' command line switch is used, and re-enable it for
a 'd' character in the '-N' option.

Bug: 10337
Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917
Reviewed-on: https://code.wireshark.org/review/9786
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Hadriel Kaplan 2015-07-25 09:24:48 -04:00
parent 3fc4a831e0
commit 190e313e9d
14 changed files with 84 additions and 52 deletions


@ -242,6 +242,7 @@ libwireshark.so.0 libwireshark0 #MINVER#
dfilter_macro_build_ftv_cache@Base 1.9.1
dfilter_macro_foreach@Base 1.9.1
dfilter_macro_get_uat@Base 1.9.1
disable_name_resolution@Base 1.99.9
display_epoch_time@Base 1.9.1
display_signed_time@Base 1.9.1
dissect_IDispatch_GetIDsOfNames_resp@Base 1.9.1


@ -172,6 +172,8 @@ B<t> to enable transport-layer port number resolution
B<C> to enable concurrent (asynchronous) DNS lookups
B<d> to enable resolution from captured DNS packets
=item -o E<lt>preferenceE<gt>:E<lt>valueE<gt>
Set a preference value, overriding the default value and any value read


@ -571,6 +571,8 @@ The argument is a string that may contain the letters:
B<C> to enable concurrent (asynchronous) DNS lookups
B<d> to enable resolution from captured DNS packets
B<m> to enable MAC address resolution
B<n> to enable network address resolution


@ -470,6 +470,8 @@ B<t> to enable transport-layer port number resolution
B<C> to enable concurrent (asynchronous) DNS lookups
B<d> to enable resolution from captured DNS packets
=item -o E<lt>preference/recent settingE<gt>
Set a preference or recent value, overriding the default value and any value


@ -67,7 +67,7 @@ Processing:
-Y <display filter> packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mntC"
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-d <layer_type>==<selector>,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
@ -330,7 +330,7 @@ Processing:
packet encapsulation or protocol
-F <field> field to display
-n disable all name resolution (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mntC"
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
-p use the system's packet header format
(which may have 64-bit timestamps)
-R <read filter> packet filter in Wireshark display filter syntax


@ -77,7 +77,7 @@ Input file:
Processing:
-R <read filter> packet filter in Wireshark display filter syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mntC"
-N <name resolve flags> enable specific name resolution(s): "mnNtCd"
--disable-protocol <proto_name> disable dissection of proto_name
Repeat option for each protocol
--enable-heuristic <short_name> enable dissection of heuristic protocol
@ -289,7 +289,8 @@ Turns on name resolving for particular types of addresses and port numbers. The
argument is a string that may contain the letters `m` to enable MAC address
resolution, `n` to enable network address resolution, and `t` to enable
transport-layer port number resolution. This overrides `-n` if both `-N` and
`-n` are present. The letter C enables concurrent (asynchronous) DNS lookups.
`-n` are present. The letter `C` enables concurrent (asynchronous) DNS lookups.
The letter `d` enables resolution from captured DNS packets.
-o <preference or recent settings>::


@ -299,7 +299,15 @@ ipv6_equal(gconstpointer v1, gconstpointer v2)
/*
* Flag controlling what names to resolve.
*/
e_addr_resolve gbl_resolv_flags = {TRUE, FALSE, FALSE, TRUE, TRUE, FALSE};
e_addr_resolve gbl_resolv_flags = {
TRUE, /* mac_name */
FALSE, /* network_name */
FALSE, /* transport_name */
TRUE, /* concurrent_dns */
TRUE, /* dns_pkt_addr_resolution */
TRUE, /* use_external_net_name_resolver */
FALSE /* load_hosts_file_from_profile_only */
};
#if defined(HAVE_C_ARES) || defined(HAVE_GNU_ADNS)
static guint name_resolve_concurrency = 500;
#endif
@ -2414,6 +2422,11 @@ addr_resolve_pref_init(module_t *nameres)
" capture file name resolution blocks and DNS packets in the capture.",
&gbl_resolv_flags.network_name);
prefs_register_bool_preference(nameres, "dns_pkt_addr_resolution",
"Use captured DNS packet data for address resolution",
"Whether address/name pairs found in captured DNS packets should be used by Wireshark for name resolution.",
&gbl_resolv_flags.dns_pkt_addr_resolution);
prefs_register_bool_preference(nameres, "use_external_name_resolver",
"Use an external network name resolver",
"Use your system's configured name resolver"
@ -2453,6 +2466,16 @@ addr_resolve_pref_init(module_t *nameres)
}
void
disable_name_resolution(void) {
gbl_resolv_flags.mac_name = FALSE;
gbl_resolv_flags.network_name = FALSE;
gbl_resolv_flags.transport_name = FALSE;
gbl_resolv_flags.concurrent_dns = FALSE;
gbl_resolv_flags.dns_pkt_addr_resolution = FALSE;
gbl_resolv_flags.use_external_net_name_resolver = FALSE;
}
#ifdef HAVE_C_ARES
gboolean
host_name_lookup_process(void) {
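Review bot: disable_name_resolution() has no comment at its definition, although it is now the single place that decides what `-n` switches off. It clears six flags and leaves load_hosts_file_from_profile_only as configured, and a reader cannot tell whether that omission is deliberate. Analysts rely on this function to stop lookups through external resolvers and to stop names taken from DNS answers inside a capture from labelling addresses, so the contract is worth stating. I would put `/* Turn off every resolution source, including external resolvers and names learned from captured DNS packets; load_hosts_file_from_profile_only is left unchanged. */` above the definition.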


@ -47,13 +47,17 @@ extern "C" {
#define MAXNAMELEN 64 /* max name length (hostname and port name) */
#endif
/**
* @brief Flags to control name resolution.
*/
typedef struct _e_addr_resolve {
gboolean mac_name;
gboolean network_name;
gboolean transport_name;
gboolean concurrent_dns;
gboolean use_external_net_name_resolver;
gboolean load_hosts_file_from_profile_only;
gboolean mac_name; /**< Whether to resolve Ethernet MAC to manufacturer names */
gboolean network_name; /**< Whether to resolve IPv4, IPv6, and IPX addresses into host names */
gboolean transport_name; /**< Whether to resolve TCP/UDP ports into service names */
gboolean concurrent_dns; /**< Whether to use concurrent DNS name resolution */
gboolean dns_pkt_addr_resolution; /**< Whether to resolve addresses using captured DNS packets */
gboolean use_external_net_name_resolver; /**< Whether to system's configured DNS server to resolve names */
gboolean load_hosts_file_from_profile_only; /**< Whether to only load the hosts in the current profile, not hosts files */
} e_addr_resolve;
struct hashether;
@ -138,6 +142,11 @@ WS_DLL_PUBLIC gchar *sctp_port_to_display(wmem_allocator_t *allocator, guint por
struct pref_module;
extern void addr_resolve_pref_init(struct pref_module *nameres);
/*
* disable_name_resolution() sets all relevant gbl_resolv_flags to FALSE.
*/
WS_DLL_PUBLIC void disable_name_resolution(void);
/** If we're using c-ares or ADNS, process outstanding host name lookups.
* This is called from a GLIB timeout in Wireshark and before processing
* each packet in TShark.
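Review bot: The new member dns_pkt_addr_resolution is inserted in the middle of e_addr_resolve, so any positional initializer of this struct that the commit did not update will silently shift its last values into the wrong fields and still compile. The two initializers visible in this commit were updated, but whether others exist, including outside the tree since the type lives in a header that exports public functions, cannot be seen from here. Adding the member after load_hosts_file_from_profile_only would avoid the shift. Separately, the comment on use_external_net_name_resolver is missing a verb and should read `/**< Whether to use the system's configured DNS server to resolve names */`.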


@ -420,9 +420,6 @@ static range_t *global_dns_udp_port_range;
/* desegmentation of DNS over TCP */
static gboolean dns_desegment = TRUE;
/* whether or not to use DNS data we see in packets to resolve addresses */
static gboolean dns_use_for_addr_resolution = TRUE;
/* Dissector handle for GSSAPI */
static dissector_handle_t gssapi_handle;
static dissector_handle_t ntlmssp_handle;
@ -1814,7 +1811,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
proto_item_append_text(trr, ", addr %s", addr);
proto_tree_add_item(rr_tree, hf_dns_a, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) {
if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) {
guint32 addr_int;
tvb_memcpy(tvb, &addr_int, cur_offset, sizeof(addr_int));
add_ipv4_name(addr_int, name);
@ -2425,7 +2422,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
proto_tree_add_item(rr_tree, hf_dns_aaaa, tvb, cur_offset, 16, ENC_NA);
if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) {
if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) {
struct e_in6_addr addr_in6;
tvb_memcpy(tvb, &addr_in6, cur_offset, sizeof(addr_in6));
add_ipv6_name(&addr_in6, name);
@ -5616,10 +5613,11 @@ proto_register_dns(void)
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&dns_desegment);
prefs_register_bool_preference(dns_module, "use_for_addr_resolution",
"Use DNS packet data for address resolution",
"Whether address/name pairs found in dissected DNS packets should be used by Wireshark for name resolution.",
&dns_use_for_addr_resolution);
prefs_register_obsolete_preference(dns_module, "use_for_addr_resolution");
prefs_register_static_text_preference(dns_module, "text_use_for_addr_resolution",
"DNS address resolution settings can be changed in the Name Resolution preferences",
"DNS address resolution settings can be changed in the Name Resolution preferences");
dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC Dissectors", FT_STRING, BASE_NONE);
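Review bot: Marking `use_for_addr_resolution` obsolete in proto_register_dns drops its stored value, so a user who had set it to FALSE appears to get the new Name Resolution flag at its default of TRUE after upgrading. That re-enables labelling of addresses with names taken from DNS answers in the capture, which is data the capture's author controls, without the user having asked for it. Unless the old value is migrated somewhere outside these hunks, I would map the old key onto `gbl_resolv_flags.dns_pkt_addr_resolution` when preferences are read, before discarding it as obsolete. The enclosing functions start and end outside the hunks shown.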


@ -3761,6 +3761,9 @@ string_to_name_resolve(const char *string, e_addr_resolve *name_resolve)
case 'C':
name_resolve->concurrent_dns = TRUE;
break;
case 'd':
name_resolve->dns_pkt_addr_resolution = TRUE;
break;
default:
/*
* Unrecognized letter.
@ -3936,17 +3939,11 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_,
gbl_resolv_flags.concurrent_dns = TRUE;
}
else if (g_ascii_strcasecmp(value, "false") == 0) {
gbl_resolv_flags.mac_name = FALSE;
gbl_resolv_flags.network_name = FALSE;
gbl_resolv_flags.transport_name = FALSE;
gbl_resolv_flags.concurrent_dns = FALSE;
disable_name_resolution();
}
else {
/* start out with none set */
gbl_resolv_flags.mac_name = FALSE;
gbl_resolv_flags.network_name = FALSE;
gbl_resolv_flags.transport_name = FALSE;
gbl_resolv_flags.concurrent_dns = FALSE;
disable_name_resolution();
if (string_to_name_resolve(value, &gbl_resolv_flags) != '\0')
return PREFS_SET_SYNTAX_ERR;
}
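Review bot: In set_pref, both the "false" branch and the flag-string branch now call disable_name_resolution(), which also clears dns_pkt_addr_resolution and use_external_net_name_resolver; the four assignments they replace left use_external_net_name_resolver alone. A stored flag string such as "mnt" therefore now turns external resolution off unless it also contains 'N'. The "true" branch starts above the hunk, so whether it sets the two extra flags back on cannot be checked from here. If the wider reset is intended, a comment at the call would record it: `/* also clears dns_pkt_addr_resolution and use_external_net_name_resolver; 'd' and 'N' turn them back on */`.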


@ -201,7 +201,7 @@ print_usage(FILE *output)
fprintf(output, " packet encapsulation or protocol\n");
fprintf(output, " -F <field> field to display\n");
fprintf(output, " -n disable all name resolution (def: all enabled)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " -p use the system's packet header format\n");
fprintf(output, " (which may have 64-bit timestamps)\n");
fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
@ -636,15 +636,12 @@ DIAG_ON(cast-qual)
line_buffered = TRUE;
break;
case 'n': /* No name resolution */
gbl_resolv_flags.mac_name = FALSE;
gbl_resolv_flags.network_name = FALSE;
gbl_resolv_flags.transport_name = FALSE;
gbl_resolv_flags.concurrent_dns = FALSE;
disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
if (badopt != '\0') {
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
badopt);
exit(1);
}
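Review bot: The new -N error message has an unbalanced quote: it prints `'C', 'd', m', 'n', 'N', and 't'`, with the opening quote before m missing. The string should read `valid options are 'C', 'd', 'm', 'n', 'N', and 't'`. The same text appears in the 'N' case of the two later file sections on this page that call exit(1) right after the message, so all three need the fix. The switch statement these cases belong to starts and ends outside the hunk.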


@ -345,7 +345,7 @@ print_usage(FILE *output)
fprintf(output, " -Y <display filter> packet displaY filter in Wireshark display filter\n");
fprintf(output, " syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " -d %s ...\n", decode_as_arg_template);
fprintf(output, " \"Decode As\", see the man page for details\n");
fprintf(output, " Example: tcp.port==8888,http\n");
@ -1520,10 +1520,7 @@ DIAG_ON(cast-qual)
#endif
break;
case 'n': /* No name resolution */
gbl_resolv_flags.mac_name = FALSE;
gbl_resolv_flags.network_name = FALSE;
gbl_resolv_flags.transport_name = FALSE;
gbl_resolv_flags.concurrent_dns = FALSE;
disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
@ -1531,6 +1528,7 @@ DIAG_ON(cast-qual)
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:",
badopt);
cmdarg_err_cont("\t'C' to enable concurrent (asynchronous) DNS lookups\n"
"\t'd' to enable address resolution from captured DNS packets\n"
"\t'm' to enable MAC address resolution\n"
"\t'n' to enable network address resolution\n"
"\t'N' to enable using external resolvers (e.g., DNS)\n"


@ -952,7 +952,15 @@ void collapse_tree_cb(GtkWidget *widget _U_, gpointer data _U_)
void resolve_name_cb(GtkWidget *widget _U_, gpointer data _U_)
{
static const e_addr_resolve resolv_flags = {TRUE, TRUE, TRUE, TRUE, TRUE, FALSE};
static const e_addr_resolve resolv_flags = {
TRUE, /* mac_name */
TRUE, /* network_name */
TRUE, /* transport_name */
TRUE, /* concurrent_dns */
TRUE, /* dns_pkt_addr_resolution */
TRUE, /* use_external_net_name_resolver */
FALSE /* load_hosts_file_from_profile_only */
};
if (cfile.edt->tree) {
proto_tree_draw_resolve(cfile.edt->tree, tree_view_gbl, &resolv_flags);
@ -1231,7 +1239,7 @@ print_usage(gboolean for_help_option) {
fprintf(output, "Processing:\n");
fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " --disable-protocol <proto_name>\n");
fprintf(output, " disable dissection of proto_name\n");
fprintf(output, " --enable-heuristic <short_name>\n");
@ -2682,15 +2690,12 @@ DIAG_ON(cast-qual)
prefs_p->gui_gtk2_font_name = g_strdup(optarg);
break;
case 'n': /* No name resolution */
gbl_resolv_flags.mac_name = FALSE;
gbl_resolv_flags.network_name = FALSE;
gbl_resolv_flags.transport_name = FALSE;
gbl_resolv_flags.concurrent_dns = FALSE;
disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
if (badopt != '\0') {
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
badopt);
exit(1);
}


@ -215,7 +215,7 @@ print_usage(gboolean for_help_option) {
fprintf(output, "Processing:\n");
fprintf(output, " -R <read filter> packet filter in Wireshark display filter syntax\n");
fprintf(output, " -n disable all name resolutions (def: all enabled)\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mntC\"\n");
fprintf(output, " -N <name resolve flags> enable specific name resolution(s): \"mnNtCd\"\n");
fprintf(output, " --disable-protocol <proto_name>\n");
fprintf(output, " disable dissection of proto_name\n");
fprintf(output, " --enable-heuristic <short_name>\n");
@ -971,15 +971,12 @@ DIAG_ON(cast-qual)
/* Not supported yet */
break;
case 'n': /* No name resolution */
gbl_resolv_flags.mac_name = FALSE;
gbl_resolv_flags.network_name = FALSE;
gbl_resolv_flags.transport_name = FALSE;
gbl_resolv_flags.concurrent_dns = FALSE;
disable_name_resolution();
break;
case 'N': /* Select what types of addresses/port #s to resolve */
badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
if (badopt != '\0') {
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
badopt);
exit(1);
}