Wireshark-dev: Re: [Wireshark-dev] The IPv6 value "24" in DLT_NULL causes Npcap's BPF filter no
From: Guy Harris <[email protected]>
Date: Wed, 14 Sep 2016 20:59:27 -0700
On Sep 14, 2016, at 8:20 PM, Guy Harris <[email protected]> wrote:

> I'll fix this up; for now, just keep using 24 - it's not as if any code that wants to read an AF_NULL pcap file can rely on its OS's AF_INET6 being the packet type value *anyway*, it has to check for all platform values (which both tcpdump and Wireshark do).

I've checked the fix in as change 92fddb84d54cc1bdfa245cde74385b76cabb5a70 to libpcap.  It checks for 24 on Windows live captures.

tcpdump and Wireshark already handle 24 as meaning IPv6 (they also check for 28, which is the FreeBSD value, and 30, which is the Darwin - macOS, iOS, tvOS, watchOS, etc. - value).