[Winpcap-users] Feature request: restricting use of winpcap

Guy Harris guy at alum.mit.edu
Mon Aug 1 18:58:00 GMT 2005

Gianluca Varenni wrote:

> As Loris explained some days ago on the mailing list 
> (http://www.winpcap.org/pipermail/winpcap-users/2005-July/000202.html) 
> we are definitely planning to add such feature, but it won't be 
> available in the upcoming WinPcap 3.1. The idea is putting some ACLs on 
> the npf devices to selectively allow/deny tx and rx through a control 
> panel applet (or something similar).

...although this doesn't "define a filter string" in the sense of 
allowing untrusted users only to capture with a particular filter 
string, if that's what "setting some registry values to define a filter 
string" refers to - you either let people capture what they want or you 
don't let them capture anything.

(This is similar to what you can get on BSD systems, either by setting 
the owner or permissions bits on the /dev/bpf device files or, on BSDs 
that support ACLs - recent FreeBSD's do, as does OS X 10.4[.x] if you 
enable ACLs on a file system - setting an ACL on those device files.)

More information about the Winpcap-users mailing list