On Apr 14, 2016, at 12:05 AM, Denis Ovsienko <de...@ovsienko.info> wrote:
> ---- On Wed, 13 Apr 2016 16:44:24 +0100 Ed Sealing wrote ----
>> We're writing an application around libpcap. The app may or may not have
>> DNS resolution available. We've noticed that when DNS resolution is not
>> available, we experience long delays when pre-testing the filters (prior to
>> applying them).
>>
>> Is there a way to programatically disable name resolution in libpcap
>> (similar to tcpdump "-n" argument)? I haven't been able to find a variable
>> to pass in that would accomplish this directly in the library. I'm sure it
>> exists, but can't seem to find it.
>
> "-n" is an option to tcpdump only, libpcap works the same way with and
> without it. The only case where DNS may be involved in libpcap is if the
> filter contains hostnames, which would need to be translated to addresses
> first to compile the filter. Could you post an example of the delay you are
> seeing?
Presumably, if pcap_compile_ex() or pcap_compile_nonameres() or whatever were
to disable name resolution, it would treat *all* host names as failing to
resolve, so
host www.example.com
would fail to compile. This means, of course, that the pre-test would always
fail unless you use IP addresses instead of host names.
Wireshark's capture filter text box checks the syntax of the filter, showing a
red background if it doesn't compile and a green background if it does; it runs
the check in a separate thread and, until the thread completes doing the name
resolution, the background is yellow, meaning "I don't know yet whether this is
valid".
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
