Re: Disable address/name resolution in libpcap

[Denis Ovsienko <denis () ovsienko info>]

[...]
> Presumably, if pcap_compile_ex() or pcap_compile_nonameres() or whatever were to disable name resolution, it would 
> treat *all* host names as failing to resolve, so 
>  
>     host www.example.com 
>  
> would fail to compile.  This means, of course, that the pre-test would always fail unless you use IP addresses 
> instead of host names. 
>  
> Wireshark's capture filter text box checks the syntax of the filter, showing a red background if it doesn't compile 
> and a green background if it does; it runs the check in a separate thread and, until the thread completes doing the 
> name resolution, the background is yellow, meaning "I don't know yet whether this is valid".

Well, yes, but something else applies even without a separate function to avoid the timeout.

As far as I understand in this case, if one really must use hostnames in the filter expression (for instance, if the 
A/AAAA addresses change often or when there are multiple software instances and each of them gets a different response 
from the resolver), pre-testing without DNS is simply impossible. If it is more important to be able to pre-test 
without DNS, the filter must be changed to use no hostnames.

-- 
    Denis Ovsienko

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers