Re: Disable address/name resolution in libpcap

[Guy Harris <guy () alum mit edu>]

On Apr 14, 2016, at 12:05 AM, Denis Ovsienko <denis () ovsienko info> wrote:

> ---- On Wed, 13 Apr 2016 16:44:24 +0100 Ed Sealing  wrote ---- 
> > We're writing an application around libpcap. The app may or may not have 
> > DNS resolution available. We've noticed that when DNS resolution is not 
> > available, we experience long delays when pre-testing the filters (prior to 
> > applying them). 
> >
> > Is there a way to programatically disable name resolution in libpcap 
> > (similar to tcpdump "-n" argument)? I haven't been able to find a variable 
> > to pass in that would accomplish this directly in the library. I'm sure it 
> > exists, but can't seem to find it. 
>
> "-n" is an option to tcpdump only, libpcap works the same way with and without it. The only case where DNS may be 
> involved in libpcap is if the filter contains hostnames, which would need to be translated to addresses first to 
> compile the filter. Could you post an example of the delay you are seeing?

Presumably, if pcap_compile_ex() or pcap_compile_nonameres() or whatever were to disable name resolution, it would 
treat *all* host names as failing to resolve, so

        host www.example.com

would fail to compile.  This means, of course, that the pre-test would always fail unless you use IP addresses instead 
of host names.

Wireshark's capture filter text box checks the syntax of the filter, showing a red background if it doesn't compile and 
a green background if it does; it runs the check in a separate thread and, until the thread completes doing the name 
resolution, the background is yellow, meaning "I don't know yet whether this is valid".
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers