Wireshark-dev: Re: [Wireshark-dev] HAVE_PCAP symbols by build type

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 6 Aug 2011 02:37:48 -0700
On Aug 6, 2011, at 1:32 AM, Joerg Mayer wrote:

> I've created a small list that shows the HAVE_PCAP... symbols used in
> the source code and by build type (configure, cmake, windows).

Note: note all the functions checked for by the configure script show up in a grep of HAVE_PCAP in configure.  pcap_create() doesn't, for example.  config.h.in is probably the authoritative source for what's checked for in the configure script.

> Looks like we have some inconsistencies, but some of them might be due
> to differences in winpcap and libpcap. Anyone willing to take a look?

Whilst recent versions of WinPcap have pcap_create(), the remote-capture stuff is implemented as a bag on the side, and pcap_create() doesn't do a good job of supporting it.  I'm working on fixing that in libpcap, which will hopefully get picked up by WinPcap once I've checked the changes (which include generalizing the remote-capture support so it can handle protocols other than rpcap, such as the "ssh over to the remote machine and run tcpdump" protocol).  At that point, for those versions of WinPcap, config.h.win32 should define HAVE_PCAP_CREATE.

HAVE_PCAP_GET_SELECTABLE_FD applies only to operating systems that have selectable FDs - Windows doesn't.  It has select() in Winsock:

	http://msdn.microsoft.com/en-us/library/ms740141(v=vs.85).aspx

and it has FDs in the C library:

	http://msdn.microsoft.com/en-US/library/z0kc8e3z(v=VS.80).aspx

but select() doesn't take C-library FDs as a argument, and, for that matter, WinPcap doesn't have a C-library FD or a socket descriptor for an open pcap_t - this is an inherent UN*X-vs-Windows difference that shows up in libpcap-vs-WinPcap.

HAVE_PCAP_LIB_VERSION should perhaps be there, at least for versions of WinPcap new enough to have it.

The only calls to pcap_findalldevs_ex() are protected by HAVE_PCAP_REMOTE.  This may have to be redone when remote capture support is added to libpcap.

The only calls to pcap_set_buffer_size() are protected by HAVE_PCAP_CREATE; pcap_set_buffer_size() was introduced in libpcap 1.1.0, as was pcap_create(), so HAVE_PCAP_SET_BUFFER_SIZE is unnecessary.

HAVE_PCAP_OPEN is equivalent to "have WinPcap" which is equivalent to "is running on Windows".  The same is true of HAVE_PCAP_SETSAMPLING.