Re: Npcap 0.04 call for test

[Graham Bloice <graham.bloice () trihedral com>]

On 23 August 2015 at 04:07, Guy Harris <guy () alum mit edu> wrote:

> On Aug 22, 2015, at 11:07 AM, Pascal Quantin <pascal.quantin () gmail com>
> wrote:
>
> > DLT_NULL does not work as expected because Npcap is still providing a
> linktype of type Ethernet instead of Null. I was able to fix the
> encapsulation of a captue by running editcap -T null dlt_null.pcapng
> dlt_null_fixed.pcapng.
>
> OK, that's issue 1) in my "why it wouldn't work" list.
>
> The driver and DLL need to provide NdisMediumNull as the medium type to
> the WinPcap library, so it maps it to DLT_NULL.
>
> > Another issue is that value 23 is not interpreted as IPv6 for Windows,
> but as Netware IPX/SPX. Should we "steal" the value of another system? For
> now the NULL dissector supports IPv6 codes for BSD (24), FreeBSD (28) and
> OS X (30). Guy, what do you think?
>
> That's the issue I mentioned for IPv6; any of those three values should
> work.
As AF_INET6 is defined as 23 on the Windows platform:

ws2def.h(109): #define AF_INET6        23              // Internetwork
Version 6

 Shouldn't code running on that platform, i.e. Wireshark use the
appropriate value rather than faking that of another OS?

Or is the issue of value clash between different platforms such that it's
impossible to differentiate for a particular capture?


-- 
Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe