Wireshark mailing list archives

Re: Npcap 0.04 call for test

From: Guy Harris <guy () alum mit edu>
Date: Mon, 24 Aug 2015 10:12:40 -0700


On Aug 24, 2015, at 6:08 AM, Yang Luo <hsluoyb () gmail com> wrote:

I have looked at all occurrences of PCAP_IF_LOOPBACK in Npcap's wpcap.dll code at 
https://github.com/nmap/npcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK, it seems that this property is never 
effectively used inside wpcap.dll's code.


In fad-win32.c, pcap_add_if_win32() is used by pcap_findalldevs(), and pcap_add_if_win32() calls add_or_find_if() in 
inet.c, and add_or_find_if() uses PCAP_IF_LOOPBACK.

That shows up in the GitHub search done with the URL you specify.

In Wireshark's WinPcap official trunk, it is totally unused except some prints. See: 
https://github.com/wireshark/winpcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK.


That's because Wireshark's WinPcap official trunk only includes the WinPcap driver, the WinPcap packet.dll DLL, and the 
WinPcap routines that aren't already part of the official libpcap source - fad-win32.c and inet.c are both part of the 
official libpcap source:

        https://github.com/the-tcpdump-group/libpcap/blob/master/fad-win32.c

        https://github.com/the-tcpdump-group/libpcap/blob/master/inet.c

So currently PCAP_IF_LOOPBACK is never set in any pcap_if_t struct for WinPcap and Npcap.


That should be fixed.

And It seems to work fine without setting it. Where would Wireshark use this PCAP_IF_LOOPBACK  for?


1) WinPcap *itself* uses it to ensure that loopback interfaces sort after non-loopback interfaces, so that if a machine 
has both "real" and loopback interfaces active, the default interface won't end up being a loopback interface;

2) Wireshark uses it to flag interfaces as being loopback interfaces in some places (see the uses of the "loopback" 
flag in the if_info_t structure).
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Npcap 0.04 call for test, (continued)
- - - Re: Npcap 0.04 call for test Pascal Quantin (Aug 22)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 22)
    - Re: Npcap 0.04 call for test Graham Bloice (Aug 23)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 23)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 23)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 24)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 25)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 25)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 27)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 31)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)

(Thread continues...)