[tcpdump-workers] Adding loopback adapter detection for Windows

Yang Luo hsluoyb at gmail.com
Sun Jan 24 09:46:02 EST 2016

Hi list,

I am a developer for Npcap, a fork for WinPcap (
https://github.com/nmap/npcap). My libpcap code is still some very old
version 1.0 branch 1_0_rel0b (20091008). And I want to update to the latest
release. But before that happens, I need to handle some updates of mine to
the libpcap folder code by merging it to libpcap.

I have implemented a loopback adapter called "Npcap Loopback Adapter" on
Windows. It's like lo in linux. I know that libpcap recognizes "lo" by just
matching the adapter name with "lo". And I want libpcap to recognize my
"Npcap Loopback Adapter". Unfortunately all adapter's names in Windows are
random strings, something
like \Device\{B4B27BF5-DECC-428F-AE74-C57344D5402B}. So it can't be
hard-coded like lo. I have stored this value in registry. Also I have
provided a function in Packet.dll module called PacketIsLoopbackAdapter
(packet.dll module is the lower layer below libpcap/wpcap). So possible
solutions are:

1) Adding registry read code to libpcap, read the name of "Npcap Loopback
Adapter" and compare it with the value in the code.
2) Call my provided PacketIsLoopbackAdapter. Unfortunately, as my Npcap is
not a official successor of WinPcap. I can't expect anyone can statically
compile against my added PacketIsLoopbackAdapter function. Maybe
dynamically function load is needed (LoadLibrary and GetProcAddress).
3) ..

Currently my way is like 2), except that I directly built libpcap against
my new function. My modification is:

I'm not sure which is the best practice to let libpcap recognize my
adapter. Any opinions? Thanks!


More information about the tcpdump-workers mailing list