Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 34339: /trunk/gtk/ /trunk/gtk/: capt

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 3 Oct 2010 11:18:40 -0700
On Oct 3, 2010, at 5:08 AM, Sake Blok wrote:

> I was able to make things work for "pcap_open_dead", but when trying to do the same for "bpf_image", I still run into problems at the linking stage where "bpf_image" can not be found. I checked the WinPcap header files and bpf_image is there.

...and, at least for WinPcap 4.1.1, bpf_image is in the .def file.

Where is it failing?  The buildbot seems to be doing OK.

> Hmmm... do we need to define "HAVE_PCAP_COMPILE_NOPCAP" and check for it? Or can we safely assume it's there in all supported platforms?

If we don't support any platforms that use libpcap before libpcap 0.5, we can safely assume it's there, although I think there might be some older versions of NetBSD where pcap_compile_nopcap() took an additional argument (a char * pointing to a buffer into which it put an error message if it failed - pcap_compile_nopcap() as implemented in tcpdump.org libpcap can't give you an error message for the failure, but pcap_open_dead()/pcap_compile() can).

libpcap 0.4 had neither pcap_open_dead() nor pcap_compile_nopcap() - you *had* to have a live capture device or a savefile open in order to compile a filter into BPF code.