On May 28, 2013, at 5:32 PM, Ed Beroset <bero...@mindspring.com> wrote:
> As I understand it, there are potentially four different (potential) sources
> for name resolution. They are 1) a named hosts file (not necessarily the
> system hosts file) 2) whatever is behind OS gethostbyaddr() call
*Or* whatever we offer as a replacement for gethostbyaddr(), such as ADNS or
C-ARES (to do asynchronous name resolution).
(What's behind gethostbyaddr() is probably:
on UN*X, some combination of the system hosts file and DNS and/or NIS;
on Windows, some combination of the system hosts file and DNS and/or
NetBIOS.
NIS and NetBIOS are legacy mechanisms, but there are probably still sites using
them; I don't know if any sites where anybody's likely to use Wireshark use
them *instead of*, rather than *in addition to*, DNS.)
> 3) NRB in capture file and 4) manually entered names.
>
> For name resolution, I'm thinking that it might be useful to allow the user
> to select both the order for resolution and whether each is used or not.
Yes, that might be useful, at least for some sources.
However, I suspect that:
manually entered names wouldn't have been entered if they weren't
intended to override everything else;
for a given capture file, name/address pairs from the NRB should
*always* override all other sources; if they're not the right pairs for the
file, they shouldn't have been in the file in the first place.
whether the hosts file should override anything else may depend on what
the host file's purpose is:
if it's the system hosts file, being used in addition to ADNS
or C-ARES, it shouldn't override anything that ADNS or C-ARES don't override
(if you're using gethostbyaddr(), it's probably already using the system hosts
file, so there's no need to specify it explicitly);
if it's a personal hosts file, it should probably override
system sources such as gethostbyaddr(), but nothing else;
if it's a per-capture hosts file - i.e., a hosts file that
works around the lack of pcap-ng-style in-capture-file name/address pairs in
file formats that don't support it - it should probably be treated the same way
NRB entries are treated.
(Perhaps there should be support for multiple types of host files - personal,
which might be in a hosts file in your Wireshark settings directory, and
per-capture-file.
As for the system hosts file, is there any reason to use ADNS or C-ARES instead
of, for example, multiple name resolver threads using Boring Old
gethostbyaddr()?)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
