ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] manual address resolution is broken

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Mon, 27 May 2013 15:05:10 +0000

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Ed Beroset
Sent: den 27 maj 2013 16:51
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] manual address resolution is broken

Ed Beroset wrote:
> Today I was analyzing some capture files and wanted to use manual name 
> resolution to make things a little to interpret, but I found out that 
> manual name resolution no longer works.  The bug has already been 
> reported
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8462 and a patch 
> submitted, but I'm not sure that patch is the right way to resolve 
> things since it basically undoes (incompletely) a deliberate change 
> that was done some months ago:
> http://anonsvn.wireshark.org/viewvc?view=revision&revision=45511
>
> In my particular case, I have multiple capture files of traffic 
> between the same two points and so it would actually be convenient in 
> my case for the manual address resolution to persist between capture 
> files.  On this particular machine, I have root privileges, and so 
> could edit the hosts file, but we can't count on that for most people.
>
> Before I change the code, I think it would be useful to agree on 
> desired behavior first.  At the moment, it's clearly broken because 
> right after a manual name is entered, it's erased again by the call to 
> host_name_lookup_cleanup() in epan/packet.c before the resolution is 
> invoked again.  Here are three possible options:
>
> 1. have manually entered host names persist for the duration that 
> Wireshark is running 2. have them persist only until another capture 
> is begun or capture file entered 3. have a name resolution table 
> that's stored as a persistent setting per configuration profile
>
> Variations might include: for option 2 dialog that asks, if there is a 
> non-empty list, whether to keep or dump the names; or for option 1, 
> have a manual means to dump all manually entered host names.
>
> My inclination would be for option 2 be the default, but with option
> 1 being available as a configuration checkbox.  What say you all?

Since I hadn't received any comments on this, I'm just going to code it the way I suggested and submit the patch.

Ed

> My inclination would be for option 2 be the default, but with option
> 1 being available as a configuration checkbox.  
Yes this sounds like the thing to do for me to, regarding address resolution there has been discussions of a rewrite using "normal" hash tables
And options not to dump NRB:s
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7380
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8349

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube