[Winpcap-users] rpcap protocol

Guy Harris guy at alum.mit.edu
Tue Jun 28 16:28:47 GMT 2005


Fulvio Risso wrote:

> We never put the documentation on the website because we do not believe 
> this is the "last version" of the protocol.
> For isntance, we know some architectural bug that we plan to fix, sooner 
> or later.

...and there will probably be libpcap API changes that require protocol 
changes, e.g. different calls for getting statistics (to handle 64-bit 
counters and to get the statistics as a tag/value list, so that new 
statistics can be added without breaking binary compatibility and so 
that only the statistics supported by a given platform are returned), a 
call to "set a filter" that takes a more abstract representation of a 
filter expression (so that code can be generated at the time the filter 
is set, to handle platforms that have filter engines that don't support 
the BPF machine language, and to handle reading capture files with 
multiple different link-layer types), etc..

In addition, there will probably be a fancier scheme of some sort for 
doing authentication (would something such as SPNEGO make sense here, so 
the client and server can negotiate what sort of authentication to use?).

> No, it is not.
> Unless the guy at sourceforge modified his protocol in order to be 
> compatible with WinPcap.

Correct.  His protocol was based on ONC RPC, but the one in WinPcap isn't.



More information about the Winpcap-users mailing list