On Aug 24, 2015, at 6:08 AM, Yang Luo <hslu...@gmail.com> wrote: > I have looked at all occurrences of PCAP_IF_LOOPBACK in Npcap's wpcap.dll > code at > https://github.com/nmap/npcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK, it > seems that this property is never effectively used inside wpcap.dll's code.
In fad-win32.c, pcap_add_if_win32() is used by pcap_findalldevs(), and pcap_add_if_win32() calls add_or_find_if() in inet.c, and add_or_find_if() uses PCAP_IF_LOOPBACK. That shows up in the GitHub search done with the URL you specify. > In Wireshark's WinPcap official trunk, it is totally unused except some > prints. See: > https://github.com/wireshark/winpcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK. That's because Wireshark's WinPcap official trunk only includes the WinPcap driver, the WinPcap packet.dll DLL, and the WinPcap routines that aren't already part of the official libpcap source - fad-win32.c and inet.c are both part of the official libpcap source: https://github.com/the-tcpdump-group/libpcap/blob/master/fad-win32.c https://github.com/the-tcpdump-group/libpcap/blob/master/inet.c > So currently PCAP_IF_LOOPBACK is never set in any pcap_if_t struct for > WinPcap and Npcap. That should be fixed. > And It seems to work fine without setting it. Where would Wireshark use this > PCAP_IF_LOOPBACK for? 1) WinPcap *itself* uses it to ensure that loopback interfaces sort after non-loopback interfaces, so that if a machine has both "real" and loopback interfaces active, the default interface won't end up being a loopback interface; 2) Wireshark uses it to flag interfaces as being loopback interfaces in some places (see the uses of the "loopback" flag in the if_info_t structure). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
