> Why do we ourself look for the network interfaces in util.c?
> Why don't we use the libpcap-function (which is used in the Windows code)
> pcap_lookupdev()?
Because "pcap_lookupdev()" looks up a *single* device which is the
"default" device for tcpdump to use; we, however, want a complete *list*
of the devices, so that we can put that in the combo box so as to show
the user *all* the devices they can choose...
...and because "pcap_lookupdev()" explicitly ignores loopback devices,
which we *DO* want to offer to users on those platforms that support
snooping on loopback devices (the reason why Ethereal has an IPP
dissector is that I was trying to debug CUPS - http://www.cups.org/ - on
my machine, and traffic between "lpr" and the CUPS daemon on my machine
was going over the loopback device, so I needed to capture traffic on
the loopback device).
I plan, at some point, to add to libpcap an API for getting a list of
interfaces - which will not ignore loopback interfaces, but will attempt
to open interfaces before putting them in the list - and make
"pcap_lookupdev()" use that API and take the first interface from the
list.
> Another problem is the method of looking for the interfaces: the buffer is
> good for 1024 network cards, which is too big on Reliant UNIX 5.43 systems
> (ioctl calls an internal ioctl(I_STR), which gives an EINVAL (buffer too big)).
>
> * libpcap 0.4 uses a similar method (only 16 buffers)
...which doesn't work if you have a large number of network interfaces.
> * libpcap 0.5 starts with a small buffer and doubles it, if it is not big
> enough
We should adopt that method.