Wireshark mailing list archives

Re: manual address resolution is broken


From: Guy Harris <guy () alum mit edu>
Date: Tue, 28 May 2013 18:29:07 -0700


On May 28, 2013, at 5:32 PM, Ed Beroset <beroset () mindspring com> wrote:

> As I understand it, there are potentially four different (potential) sources for name resolution.  They are 1) a named hosts file (not necessarily the system hosts file) 2) whatever is behind OS gethostbyaddr() call

*Or* whatever we offer as a replacement for gethostbyaddr(), such as ADNS or C-ARES (to do asynchronous name resolution).

(What's behind gethostbyaddr() is probably:

        on UN*X, some combination of the system hosts file and DNS and/or NIS;

        on Windows, some combination of the system hosts file and DNS and/or NetBIOS.

NIS and NetBIOS are legacy mechanisms, but there are probably still sites using them; I don't know if any sites where anybody's likely to use Wireshark use them *instead of*, rather than *in addition to*, DNS.)

> 3) NRB in capture file and 4) manually entered names.
>
> For name resolution, I'm thinking that it might be useful to allow the user to select both the order for resolution and whether each is used or not.

Yes, that might be useful, at least for some sources.

However, I suspect that:

        manually entered names wouldn't have been entered if they weren't intended to override everything else;

        for a given capture file, name/address pairs from the NRB should *always* override all other sources; if they're not the right pairs for the file, they shouldn't have been in the file in the first place.

        whether the hosts file should override anything else may depend on what the host file's purpose is:

                if it's the system hosts file, being used in addition to ADNS or C-ARES, it shouldn't override anything that ADNS or C-ARES don't override (if you're using gethostbyaddr(), it's probably already using the system hosts file, so there's no need to specify it explicitly);

                if it's a personal hosts file, it should probably override system sources such as gethostbyaddr(), but nothing else;

                if it's a per-capture hosts file - i.e., a hosts file that works around the lack of pcap-ng-style in-capture-file name/address pairs in file formats that don't support it - it should probably be treated the same way NRB entries are treated.

(Perhaps there should be support for multiple types of host files - personal, which might be in a hosts file in your Wireshark settings directory, and per-capture-file.

As for the system hosts file, is there any reason to use ADNS or C-ARES instead of, for example, multiple name resolver threads using Boring Old gethostbyaddr()?)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
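
The precedence discussed in this message, as an added example that is not part of the original post and not Wireshark's own code: an ordered chain of sources, each with a user on/off toggle, where the first enabled source that knows the address wins. The struct names, the sample tables, the static table standing in for gethostbyaddr(), and the choice to rank manual entries above NRB entries are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
struct entry { const char *addr, *name; };
struct source {
    const char *label;
    int enabled;              /* user toggle: consult this source at all? */
    const struct entry *tab;  /* terminated by a NULL addr */
};
/* Constructed sample data (documentation address range), not from a real capture. */
static const struct entry manual_tab[]   = {{"192.0.2.1", "lab-router"}, {NULL, NULL}};
static const struct entry nrb_tab[]      = {{"192.0.2.1", "gw.capture.example"},
                                            {"192.0.2.2", "client.capture.example"}, {NULL, NULL}};
static const struct entry personal_tab[] = {{"192.0.2.2", "my-laptop"},
                                            {"192.0.2.3", "my-nas"}, {NULL, NULL}};
/* Stand-in for gethostbyaddr()/ADNS/C-ARES so the example runs offline. */
static const struct entry system_tab[]   = {{"192.0.2.3", "host3.example.net"},
                                            {"192.0.2.4", "host4.example.net"}, {NULL, NULL}};
/* Highest precedence first; a per-capture hosts file would sit beside "nrb". */
static struct source sources[] = {
    {"manual", 1, manual_tab}, {"nrb", 1, nrb_tab},
    {"personal-hosts", 1, personal_tab}, {"system", 1, system_tab},
};

/* Walk the enabled sources in order; the first one that knows addr wins. */
static const struct source *resolve(const char *addr, const char **name)
{
    *name = NULL;
    for (size_t i = 0; i < sizeof sources / sizeof sources[0]; i++) {
        if (!sources[i].enabled)
            continue;
        for (const struct entry *e = sources[i].tab; e->addr; e++)
            if (strcmp(e->addr, addr) == 0) {
                *name = e->name;
                return &sources[i];
            }
    }
    return NULL;
}
static const char *name_of(const char *a) { const char *n; resolve(a, &n); return n; }
static const char *source_of(const char *a)
{ const char *n; const struct source *s = resolve(a, &n); return s ? s->label : "unresolved"; }
int main(void)
{
    const char *addrs[] = {"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.9"};
    for (size_t i = 0; i < sizeof addrs / sizeof addrs[0]; i++)
        printf("%-10s %-15s %s\n", addrs[i], source_of(addrs[i]),
               name_of(addrs[i]) ? name_of(addrs[i]) : "-");
    return 0;
}
```

Reporting which source supplied a name alongside the name itself lets an analyst tell an in-capture or manual label from a live lookup result.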

