On Aug 24, 2015, at 6:08 AM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:
> I have looked at all occurrences of PCAP_IF_LOOPBACK in Npcap's wpcap.dll code at https://github.com/nmap/npcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK, it seems that this property is never effectively used inside wpcap.dll's code.
In fad-win32.c, pcap_add_if_win32() is used by pcap_findalldevs(), and pcap_add_if_win32() calls add_or_find_if() in inet.c, and add_or_find_if() uses PCAP_IF_LOOPBACK.
That shows up in the GitHub search done with the URL you specify.
> In Wireshark's WinPcap official trunk, it is totally unused except some prints. See: https://github.com/wireshark/winpcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK.
That's because Wireshark's WinPcap official trunk only includes the WinPcap driver, the WinPcap packet.dll DLL, and the WinPcap routines that aren't already part of the official libpcap source - fad-win32.c and inet.c are both part of the official libpcap source:
https://github.com/the-tcpdump-group/libpcap/blob/master/fad-win32.c
https://github.com/the-tcpdump-group/libpcap/blob/master/inet.c
> So currently PCAP_IF_LOOPBACK is never set in any pcap_if_t struct for WinPcap and Npcap.
That should be fixed.
> And It seems to work fine without setting it. Where would Wireshark use this PCAP_IF_LOOPBACK for?
1) WinPcap *itself* uses it to ensure that loopback interfaces sort after non-loopback interfaces, so that if a machine has both "real" and loopback interfaces active, the default interface won't end up being a loopback interface;
2) Wireshark uses it to flag interfaces as being loopback interfaces in some places (see the uses of the "loopback" flag in the if_info_t structure).
