[Winpcap-users] PCAP_OPENFLAG_NOCAPTURE_LOCAL ignored and PCAP_SETDIRECTION()

食肉大灰兔V5 hsluoyz at gmail.com
Thu Sep 29 02:00:34 UTC 2016


Hi Daniel,

You can try Npcap: https://github.com/nmap/npcap.
The releases are published here: https://github.com/nmap/npcap/releases

It's a fork of WinPcap. And it supports latest libpcap 1.8.0 interface. So
maybe the PCAP_SETDIRECTION function works for Npcap, if it works on latest
libpcap. If I remembered right, The PCAP_OPENFLAG_NOCAPTURE_LOCAL flag is
also one thing that Npcap fixed before.

I have also provided a "Send-to-Rx" feature in Npcap and designed a bridge
application called "UserBridge" to use that feature here:
https://github.com/hsluoyz/UserBridge. UserBridge mainly do this:

If you want all received traffic on Adapter A seems like to be
received on Adapter
B, and all traffic sent out from Adapter B to be actually sent out from Adapter
A

"Send-to-Rx" means to inject packets to a network interface's receive path
that makes the interface think it receives those packets (instead of
sending them out). You can just use it to fulfill a customized need.


Cheers,
Yang



On Thu, Sep 29, 2016 at 8:50 AM, Daniel Smith <zamadatix at gmail.com> wrote:

> Hello,
>
> I have been trying to make a custom software bridge using winpcap.
> Unfortunately this means sending and receiving packets that arrive on a
> pair of interfaces which means there needs to be some sort of logic
> preventing infinitely copying any packet that appears in a cycle. As it is
> a bridge I can't apply a capture filter to match the source MAC/IP of the
> interfaces since many (known and uknown) MACs/IPs may need to transit the
> link pair. After digging through the documentation I came across two
> possible solutions:
>
> PCAP_SETDIRECTION(device, PCAP_D_IN) - a directional filter to the
> capture. Unfortunately this returns -1 as it does not seem to be supported
> on Windows.
> pcap_open() instead of pcap_open_live() - pcap_open() has flags for the
> 3rd argument, one of which being PCAP_OPENFLAG_NOCAPTURE_LOCAL which is
> supposed to prevent capturing packets sent by the driver itself.
>
>
> Unfortuntaley when I launch 2 threads, one capturing on the interface and
> one sending, I still receive the sent packets in the capturing thread. I am
> using the following to open the interface in both threads: pcap_open(InterfaceName,
> 65536, PCAP_OPENFLAG_NOCAPTURE_LOCAL, 1000, nullptr, ErrorBuffer)
>
>
>
> Does anyone have any guidance on why pcap_open() might be behaving this
> way or another way to achieve my goal of not capturing packets libpcap
> itself put on the interface?
>
>
> Thank you,
>
> Daniel Smith
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20160929/ccda0b57/attachment.html>


More information about the Winpcap-users mailing list