Re: Npcap 0.04 call for test

[Pascal Quantin <pascal.quantin () gmail com>]

2015-08-24 10:28 GMT+02:00 Guy Harris <guy () alum mit edu>:

> On Aug 24, 2015, at 1:19 AM, Pascal Quantin <pascal.quantin () gmail com>
> wrote:
>
> > any reason for not using NdisMediumLoopback that is defined since Vista
> according to
> https://msdn.microsoft.com/en-us/library/windows/hardware/ff565910%28v=vs.85%29.aspx
> ? Maybe it would make sense to switch to DLT_LOOPBACK
>
> You mean DLT_LOOP rather than DLT_LOOPBACK (that's what OpenBSD, which
> introduced DLT_LOOP, calls it).

Yeas that's what I meant. Sorry for the typo.


> > in that case (in that case the packet type must be put in network order).
>
> Yes, that's what's different about DLT_LOOP - the address family value is
> in network byte order rather than host byte order.
>
> Note that, if all packets are IPv4 or IPv6 packets, you could also use
> NdisMediumIP, if that means "received and transmitted packets begin with an
> IP header and have no link-layer header", and map that to DLT_RAW.

Correct, but I was finding the NdisMediumLoopback type maybe more
representative as there can be other interfaces using raw IP (liek MBIM USB
class). At least with such DLT we have no doubt regarding the fact that it
is a loopback capture :)

Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe