nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

pcap_open() not documented as part of the Npcap API #25

Open dmiller-nmap opened 4 years ago

dmiller-nmap commented 4 years ago

pcap_open() is one of the WinPcap extensions to the libpcap API. It is currently included in upstream libpcap, but there is no documentation there. We generally document such functions in the Npcap API section of the Npcap Guide, but this one is not documented.

guyharris commented 4 years ago

It's not documented in libpcap because the long-term plan is to support remote capture opening with pcap_create() and pcap_activate(); that's the only interesting thing pcap_open() currently supports that's not supported with pcap_create()/pcap_activate() or pcap_open_offline().

dmiller-nmap commented 1 year ago

@guyharris Thanks for the input. One feature that seems to be supported in pcap_open() but not pcap_create() etc. is the PCAP_OPENFLAG_NOCAPTURE_LOCAL flag, which governs whether packets sent with pcap_sendpacket()/pcap_inject() are put into the capture buffer. There is a lot of consternation over this feature due to differences in WinPcap's position (Protocol driver) vs Npcap's (Filter driver) in the NDIS stack, the oversimplified documentation from WinPcap regarding the feature, and the complexity of the NDIS loopback mechanism.

I would just as much rather drop the feature and implement something else, but I'm not sure how to do so within the libpcap API. The individual features involved here are:

  1. Control over whether a packet sent via pcap_inject() is placed in the capture buffer (see #648). This is the WinPcap-documented reason for the feature.
  2. Control over whether protocol drivers on the adapter will see the injected packets (see #116). Npcap's SendToRx feature partially addresses this, but in a systemwide fashion. We would prefer a per-handle solution.

I think we can produce a solution using the pcap_setdirection() function and possibly pcap_setmode(). Is there any existing interaction on other platforms between pcap_setdirection() and pcap_inject()? Any other platforms where pcap_inject()-ed packets are delivered in the capture buffer?