Hi Guy,

Thanks! If we choose to change libpcap, I think both Wireshark and the Npcap driver are not required to be modified any more then. I will test it when the code is submitted :)

Cheers,
Yang

On Thu, Sep 15, 2016 at 11:20 AM, Guy Harris <[email protected]> wrote:

> On Sep 13, 2016, at 10:03 PM, Yang Luo <[email protected]> wrote:
>
> > But the problem is, libpcap (which is used by Npcap) only supports the value 23 in the BPF filter code.
>
> This is a problem in more ways than one.
>
> For example, if you're running on FreeBSD, and are reading a pcap or pcapng file from NetBSD, and it has loopback packets, a filter checking for IPv6 packets won't work, because it'll be looking for the FreeBSD AF_INET6 (28), but IPv6 packets will have NetBSD's AF_INET6 (24).
>
> So, when reading a capture file, the filter should check for *all* of the possible AF_INET6 values, because there's no way to determine, from the file, which AF_INET6 value was used.
>
> When doing a live capture, it should, if possible, just use whatever the capture mechanism provides, to avoid doing other checks.
>
> I'll fix this up; for now, just keep using 24 - it's not as if any code that wants to read an AF_NULL pcap file can rely on its OS's AF_INET6 being the packet type value *anyway*, it has to check for all platform values (which both tcpdump and Wireshark do).
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:[email protected]?subject=unsubscribe
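The "check for all platform values" rule from the quoted message, as an added example that is not code from this thread, libpcap, tcpdump or Wireshark. The function and enum names are hypothetical; the Darwin value 30 and the byte-order handling go beyond what the thread states (the loopback header is written in the capturing host's byte order).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum null_proto { NULL_PROTO_UNKNOWN, NULL_PROTO_IPV4, NULL_PROTO_IPV6 };

/* AF_INET6 values a DLT_NULL header may carry: 23, 24 and 28 are named in
 * the thread; 30 (Darwin) is added here and is not from the thread. */
static const uint32_t af_inet6_values[] = { 23, 24, 28, 30 };

static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Hypothetical helper: classify one DLT_NULL packet read from a file. */
enum null_proto classify_null_packet(const uint8_t *pkt, size_t caplen)
{
    uint32_t family;
    size_t i;

    if (pkt == NULL || caplen < 4)
        return NULL_PROTO_UNKNOWN;        /* truncated link-layer header */
    memcpy(&family, pkt, sizeof family);  /* no unaligned 32-bit load */
    /* The header is in the capturing host's byte order. Address family
     * numbers are small, so set upper bits mean the opposite order. */
    if (family & 0xffff0000u)
        family = swap32(family);
    if (family == 2)                      /* AF_INET is 2 on these systems */
        return NULL_PROTO_IPV4;
    for (i = 0; i < sizeof af_inet6_values / sizeof af_inet6_values[0]; i++)
        if (family == af_inet6_values[i])
            return NULL_PROTO_IPV6;       /* any platform's AF_INET6 */
    return NULL_PROTO_UNKNOWN;
}

int main(void)
{
    /* Constructed headers: NetBSD value little-endian, FreeBSD big-endian. */
    const uint8_t netbsd_le[] = { 24, 0, 0, 0 };
    const uint8_t freebsd_be[] = { 0, 0, 0, 28 };

    printf("%d %d\n", classify_null_packet(netbsd_le, sizeof netbsd_le),
           classify_null_packet(freebsd_be, sizeof freebsd_be));
    return 0;
}
```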
