DNS: move DNS name resolution pref to Name Resolution prefs

Move the boolean flag for using captured DNS packet info for name resolution to the Name Resolution preferences settings, as it was rather surprising to disable Name Resolution preferences and still have names being resolved. Also disble them all if the '-n' command line switch is used, and re-enable it for a 'd' character in the '-N' option. Bug: 10337 Change-Id: Ie4d47bab0100db3360cc447cd3e446b2e39aa917 Reviewed-on: https://code.wireshark.org/review/9786 Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
network-analytics · Jul 25, 2015 · 190e313 · 190e313
1 parent 3fc4a83
commit 190e313
Show file tree

Hide file tree

Showing 14 changed files with 84 additions and 52 deletions.
diff --git a/debian/libwireshark0.symbols b/debian/libwireshark0.symbols
@@ -242,6 +242,7 @@ libwireshark.so.0 libwireshark0 #MINVER#
  dfilter_macro_build_ftv_cache@Base 1.9.1
  dfilter_macro_foreach@Base 1.9.1
  dfilter_macro_get_uat@Base 1.9.1
+ disable_name_resolution@Base 1.99.9
  display_epoch_time@Base 1.9.1
  display_signed_time@Base 1.9.1
  dissect_IDispatch_GetIDsOfNames_resp@Base 1.9.1

diff --git a/doc/rawshark.pod b/doc/rawshark.pod
@@ -172,6 +172,8 @@ B<t> to enable transport-layer port number resolution
 
 B<C> to enable concurrent (asynchronous) DNS lookups
 
+B<d> to enable resolution from captured DNS packets
+
 =item -o  E<lt>preferenceE<gt>:E<lt>valueE<gt>
 
 Set a preference value, overriding the default value and any value read

diff --git a/doc/tshark.pod b/doc/tshark.pod
@@ -571,6 +571,8 @@ The argument is a string that may contain the letters:
 
 B<C> to enable concurrent (asynchronous) DNS lookups
 
+B<d> to enable resolution from captured DNS packets
+
 B<m> to enable MAC address resolution
 
 B<n> to enable network address resolution

diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template
@@ -470,6 +470,8 @@ B<t> to enable transport-layer port number resolution
 
 B<C> to enable concurrent (asynchronous) DNS lookups
 
+B<d> to enable resolution from captured DNS packets
+
 =item -o  E<lt>preference/recent settingE<gt>
 
 Set a preference or recent value, overriding the default value and any value

diff --git a/docbook/wsug_src/WSUG_app_tools.asciidoc b/docbook/wsug_src/WSUG_app_tools.asciidoc
@@ -67,7 +67,7 @@ Processing:
   -Y <display filter>      packet displaY filter in Wireshark display filter
                            syntax
   -n                       disable all name resolutions (def: all enabled)
-  -N <name resolve flags>  enable specific name resolution(s): "mntC"
+  -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"
   -d <layer_type>==<selector>,<decode_as_protocol> ...
                            "Decode As", see the man page for details
                            Example: tcp.port==8888,http
@@ -330,7 +330,7 @@ Processing:
                            packet encapsulation or protocol
   -F <field>               field to display
   -n                       disable all name resolution (def: all enabled)
-  -N <name resolve flags>  enable specific name resolution(s): "mntC"
+  -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"
   -p                       use the system's packet header format
                            (which may have 64-bit timestamps)
   -R <read filter>         packet filter in Wireshark display filter syntax

diff --git a/docbook/wsug_src/WSUG_chapter_customize.asciidoc b/docbook/wsug_src/WSUG_chapter_customize.asciidoc
@@ -77,7 +77,7 @@ Input file:
 Processing:
   -R <read filter>         packet filter in Wireshark display filter syntax
   -n                       disable all name resolutions (def: all enabled)
-  -N <name resolve flags>  enable specific name resolution(s): "mntC"
+  -N <name resolve flags>  enable specific name resolution(s): "mnNtCd"
   --disable-protocol <proto_name> disable dissection of proto_name
                            Repeat option for each protocol
   --enable-heuristic <short_name> enable dissection of heuristic protocol
@@ -289,7 +289,8 @@ Turns on name resolving for particular types of addresses and port numbers. The
 argument is a string that may contain the letters `m` to enable MAC address
 resolution, `n` to enable network address resolution, and `t` to enable
 transport-layer port number resolution. This overrides `-n` if both `-N` and
-`-n` are present. The letter C enables concurrent (asynchronous) DNS lookups.
+`-n` are present. The letter `C` enables concurrent (asynchronous) DNS lookups.
+The letter `d` enables resolution from captured DNS packets.
 
 -o <preference or recent settings>::
 

diff --git a/epan/addr_resolv.c b/epan/addr_resolv.c
@@ -299,7 +299,15 @@ ipv6_equal(gconstpointer v1, gconstpointer v2)
 /*
  * Flag controlling what names to resolve.
  */
-e_addr_resolve gbl_resolv_flags = {TRUE, FALSE, FALSE, TRUE, TRUE, FALSE};
+e_addr_resolve gbl_resolv_flags = {
+    TRUE,   /* mac_name */
+    FALSE,  /* network_name */
+    FALSE,  /* transport_name */
+    TRUE,   /* concurrent_dns */
+    TRUE,   /* dns_pkt_addr_resolution */
+    TRUE,   /* use_external_net_name_resolver */
+    FALSE   /* load_hosts_file_from_profile_only */
+};
 #if defined(HAVE_C_ARES) || defined(HAVE_GNU_ADNS)
 static guint name_resolve_concurrency = 500;
 #endif
@@ -2414,6 +2422,11 @@ addr_resolve_pref_init(module_t *nameres)
             " capture file name resolution blocks and DNS packets in the capture.",
             &gbl_resolv_flags.network_name);
 
+    prefs_register_bool_preference(nameres, "dns_pkt_addr_resolution",
+            "Use captured DNS packet data for address resolution",
+            "Whether address/name pairs found in captured DNS packets should be used by Wireshark for name resolution.",
+            &gbl_resolv_flags.dns_pkt_addr_resolution);
+
     prefs_register_bool_preference(nameres, "use_external_name_resolver",
             "Use an external network name resolver",
             "Use your system's configured name resolver"
@@ -2453,6 +2466,16 @@ addr_resolve_pref_init(module_t *nameres)
 
 }
 
+void
+disable_name_resolution(void) {
+    gbl_resolv_flags.mac_name                           = FALSE;
+    gbl_resolv_flags.network_name                       = FALSE;
+    gbl_resolv_flags.transport_name                     = FALSE;
+    gbl_resolv_flags.concurrent_dns                     = FALSE;
+    gbl_resolv_flags.dns_pkt_addr_resolution            = FALSE;
+    gbl_resolv_flags.use_external_net_name_resolver     = FALSE;
+}
+
 #ifdef HAVE_C_ARES
 gboolean
 host_name_lookup_process(void) {

diff --git a/epan/addr_resolv.h b/epan/addr_resolv.h
@@ -47,13 +47,17 @@ extern "C" {
 #define MAXNAMELEN  	64	/* max name length (hostname and port name) */
 #endif
 
+/**
+ * @brief Flags to control name resolution.
+ */
 typedef struct _e_addr_resolve {
-  gboolean mac_name;
-  gboolean network_name;
-  gboolean transport_name;
-  gboolean concurrent_dns;
-  gboolean use_external_net_name_resolver;
-  gboolean load_hosts_file_from_profile_only;
+  gboolean mac_name;                          /**< Whether to resolve Ethernet MAC to manufacturer names */
+  gboolean network_name;                      /**< Whether to resolve IPv4, IPv6, and IPX addresses into host names */
+  gboolean transport_name;                    /**< Whether to resolve TCP/UDP ports into service names */
+  gboolean concurrent_dns;                    /**< Whether to use concurrent DNS name resolution */
+  gboolean dns_pkt_addr_resolution;           /**< Whether to resolve addresses using captured DNS packets */
+  gboolean use_external_net_name_resolver;    /**< Whether to system's configured DNS server to resolve names */
+  gboolean load_hosts_file_from_profile_only; /**< Whether to only load the hosts in the current profile, not hosts files */
 } e_addr_resolve;
 
 struct hashether;
@@ -138,6 +142,11 @@ WS_DLL_PUBLIC gchar *sctp_port_to_display(wmem_allocator_t *allocator, guint por
 struct pref_module;
 extern void addr_resolve_pref_init(struct pref_module *nameres);
 
+/*
+ * disable_name_resolution() sets all relevant gbl_resolv_flags to FALSE.
+ */
+WS_DLL_PUBLIC void disable_name_resolution(void);
+
 /** If we're using c-ares or ADNS, process outstanding host name lookups.
  *  This is called from a GLIB timeout in Wireshark and before processing
  *  each packet in TShark.

diff --git a/epan/dissectors/packet-dns.c b/epan/dissectors/packet-dns.c
@@ -420,9 +420,6 @@ static range_t *global_dns_udp_port_range;
 /* desegmentation of DNS over TCP */
 static gboolean dns_desegment = TRUE;
 
-/* whether or not to use DNS data we see in packets to resolve addresses */
-static gboolean dns_use_for_addr_resolution = TRUE;
-
 /* Dissector handle for GSSAPI */
 static dissector_handle_t gssapi_handle;
 static dissector_handle_t ntlmssp_handle;
@@ -1814,7 +1811,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
       proto_item_append_text(trr, ", addr %s", addr);
       proto_tree_add_item(rr_tree, hf_dns_a, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
 
-      if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) {
+      if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) {
         guint32 addr_int;
         tvb_memcpy(tvb, &addr_int, cur_offset, sizeof(addr_int));
         add_ipv4_name(addr_int, name);
@@ -2425,7 +2422,7 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
       proto_tree_add_item(rr_tree, hf_dns_aaaa, tvb, cur_offset, 16, ENC_NA);
 
 
-      if (dns_use_for_addr_resolution && (dns_class & 0x7f) == C_IN) {
+      if (gbl_resolv_flags.dns_pkt_addr_resolution && (dns_class & 0x7f) == C_IN) {
         struct e_in6_addr  addr_in6;
         tvb_memcpy(tvb, &addr_in6, cur_offset, sizeof(addr_in6));
         add_ipv6_name(&addr_in6, name);
@@ -5616,10 +5613,11 @@ proto_register_dns(void)
     " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
     &dns_desegment);
 
-  prefs_register_bool_preference(dns_module, "use_for_addr_resolution",
-    "Use DNS packet data for address resolution",
-    "Whether address/name pairs found in dissected DNS packets should be used by Wireshark for name resolution.",
-    &dns_use_for_addr_resolution);
+  prefs_register_obsolete_preference(dns_module, "use_for_addr_resolution");
+
+  prefs_register_static_text_preference(dns_module, "text_use_for_addr_resolution",
+                                        "DNS address resolution settings can be changed in the Name Resolution preferences",
+                                        "DNS address resolution settings can be changed in the Name Resolution preferences");
 
   dns_tsig_dissector_table = register_dissector_table("dns.tsig.mac", "DNS TSIG MAC Dissectors", FT_STRING, BASE_NONE);
 

diff --git a/epan/prefs.c b/epan/prefs.c
@@ -3761,6 +3761,9 @@ string_to_name_resolve(const char *string, e_addr_resolve *name_resolve)
         case 'C':
             name_resolve->concurrent_dns = TRUE;
             break;
+        case 'd':
+            name_resolve->dns_pkt_addr_resolution = TRUE;
+            break;
         default:
             /*
              * Unrecognized letter.
@@ -3936,17 +3939,11 @@ set_pref(gchar *pref_name, const gchar *value, void *private_data _U_,
             gbl_resolv_flags.concurrent_dns = TRUE;
         }
         else if (g_ascii_strcasecmp(value, "false") == 0) {
-            gbl_resolv_flags.mac_name = FALSE;
-            gbl_resolv_flags.network_name = FALSE;
-            gbl_resolv_flags.transport_name = FALSE;
-            gbl_resolv_flags.concurrent_dns = FALSE;
+            disable_name_resolution();
         }
         else {
             /* start out with none set */
-            gbl_resolv_flags.mac_name = FALSE;
-            gbl_resolv_flags.network_name = FALSE;
-            gbl_resolv_flags.transport_name = FALSE;
-            gbl_resolv_flags.concurrent_dns = FALSE;
+            disable_name_resolution();
             if (string_to_name_resolve(value, &gbl_resolv_flags) != '\0')
                 return PREFS_SET_SYNTAX_ERR;
         }

diff --git a/rawshark.c b/rawshark.c
@@ -201,7 +201,7 @@ print_usage(FILE *output)
     fprintf(output, "                           packet encapsulation or protocol\n");
     fprintf(output, "  -F <field>               field to display\n");
     fprintf(output, "  -n                       disable all name resolution (def: all enabled)\n");
-    fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mntC\"\n");
+    fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mnNtCd\"\n");
     fprintf(output, "  -p                       use the system's packet header format\n");
     fprintf(output, "                           (which may have 64-bit timestamps)\n");
     fprintf(output, "  -R <read filter>         packet filter in Wireshark display filter syntax\n");
@@ -636,15 +636,12 @@ DIAG_ON(cast-qual)
                 line_buffered = TRUE;
                 break;
             case 'n':        /* No name resolution */
-                gbl_resolv_flags.mac_name = FALSE;
-                gbl_resolv_flags.network_name = FALSE;
-                gbl_resolv_flags.transport_name = FALSE;
-                gbl_resolv_flags.concurrent_dns = FALSE;
+                disable_name_resolution();
                 break;
             case 'N':        /* Select what types of addresses/port #s to resolve */
                 badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
                 if (badopt != '\0') {
-                    cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+                    cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
                                badopt);
                     exit(1);
                 }

diff --git a/tshark.c b/tshark.c
@@ -345,7 +345,7 @@ print_usage(FILE *output)
   fprintf(output, "  -Y <display filter>      packet displaY filter in Wireshark display filter\n");
   fprintf(output, "                           syntax\n");
   fprintf(output, "  -n                       disable all name resolutions (def: all enabled)\n");
-  fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mntC\"\n");
+  fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mnNtCd\"\n");
   fprintf(output, "  -d %s ...\n", decode_as_arg_template);
   fprintf(output, "                           \"Decode As\", see the man page for details\n");
   fprintf(output, "                           Example: tcp.port==8888,http\n");
@@ -1520,17 +1520,15 @@ DIAG_ON(cast-qual)
 #endif
       break;
     case 'n':        /* No name resolution */
-      gbl_resolv_flags.mac_name = FALSE;
-      gbl_resolv_flags.network_name = FALSE;
-      gbl_resolv_flags.transport_name = FALSE;
-      gbl_resolv_flags.concurrent_dns = FALSE;
+      disable_name_resolution();
       break;
     case 'N':        /* Select what types of addresses/port #s to resolve */
       badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
       if (badopt != '\0') {
         cmdarg_err("-N specifies unknown resolving option '%c'; valid options are:",
                    badopt);
         cmdarg_err_cont("\t'C' to enable concurrent (asynchronous) DNS lookups\n"
+                        "\t'd' to enable address resolution from captured DNS packets\n"
                         "\t'm' to enable MAC address resolution\n"
                         "\t'n' to enable network address resolution\n"
                         "\t'N' to enable using external resolvers (e.g., DNS)\n"

diff --git a/ui/gtk/main.c b/ui/gtk/main.c
@@ -952,7 +952,15 @@ void collapse_tree_cb(GtkWidget *widget _U_, gpointer data _U_)
 
 void resolve_name_cb(GtkWidget *widget _U_, gpointer data _U_)
 {
-    static const e_addr_resolve resolv_flags = {TRUE, TRUE, TRUE, TRUE, TRUE, FALSE};
+    static const e_addr_resolve resolv_flags = {
+        TRUE,   /* mac_name */
+        TRUE,   /* network_name */
+        TRUE,   /* transport_name */
+        TRUE,   /* concurrent_dns */
+        TRUE,   /* dns_pkt_addr_resolution */
+        TRUE,   /* use_external_net_name_resolver */
+        FALSE   /* load_hosts_file_from_profile_only */
+    };
 
     if (cfile.edt->tree) {
         proto_tree_draw_resolve(cfile.edt->tree, tree_view_gbl, &resolv_flags);
@@ -1231,7 +1239,7 @@ print_usage(gboolean for_help_option) {
     fprintf(output, "Processing:\n");
     fprintf(output, "  -R <read filter>         packet filter in Wireshark display filter syntax\n");
     fprintf(output, "  -n                       disable all name resolutions (def: all enabled)\n");
-    fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mntC\"\n");
+    fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mnNtCd\"\n");
     fprintf(output, "  --disable-protocol <proto_name>\n");
     fprintf(output, "                           disable dissection of proto_name\n");
     fprintf(output, "  --enable-heuristic <short_name>\n");
@@ -2682,15 +2690,12 @@ DIAG_ON(cast-qual)
                 prefs_p->gui_gtk2_font_name = g_strdup(optarg);
                 break;
             case 'n':        /* No name resolution */
-                gbl_resolv_flags.mac_name = FALSE;
-                gbl_resolv_flags.network_name = FALSE;
-                gbl_resolv_flags.transport_name = FALSE;
-                gbl_resolv_flags.concurrent_dns = FALSE;
+                disable_name_resolution();
                 break;
             case 'N':        /* Select what types of addresses/port #s to resolve */
                 badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
                 if (badopt != '\0') {
-                    cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+                    cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
                                badopt);
                     exit(1);
                 }

diff --git a/wireshark-qt.cpp b/wireshark-qt.cpp
@@ -215,7 +215,7 @@ print_usage(gboolean for_help_option) {
     fprintf(output, "Processing:\n");
     fprintf(output, "  -R <read filter>         packet filter in Wireshark display filter syntax\n");
     fprintf(output, "  -n                       disable all name resolutions (def: all enabled)\n");
-    fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mntC\"\n");
+    fprintf(output, "  -N <name resolve flags>  enable specific name resolution(s): \"mnNtCd\"\n");
     fprintf(output, "  --disable-protocol <proto_name>\n");
     fprintf(output, "                           disable dissection of proto_name\n");
     fprintf(output, "  --enable-heuristic <short_name>\n");
@@ -971,15 +971,12 @@ DIAG_ON(cast-qual)
             /* Not supported yet */
             break;
         case 'n':        /* No name resolution */
-            gbl_resolv_flags.mac_name = FALSE;
-            gbl_resolv_flags.network_name = FALSE;
-            gbl_resolv_flags.transport_name = FALSE;
-            gbl_resolv_flags.concurrent_dns = FALSE;
+            disable_name_resolution();
             break;
         case 'N':        /* Select what types of addresses/port #s to resolve */
             badopt = string_to_name_resolve(optarg, &gbl_resolv_flags);
             if (badopt != '\0') {
-                cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'm', 'n', and 't'",
+                cmdarg_err("-N specifies unknown resolving option '%c'; valid options are 'C', 'd', m', 'n', 'N', and 't'",
                            badopt);
                 exit(1);
             }