Closed wudong20200702 closed 2 weeks ago
To which "rather than copy or bypass" are you referring here?
The existing is to add a bypass to the data link layer; In order to achieve the original communication can be directly affected, directly intercept the original communication packets;
> The existing is to add a bypass to the data link layer;

Presumably by "the existing" you're referring to the way libpcap captures packets on whatever OS you're capturing.
If it's Linux:
If it's *BSD/macOS/AIX/Solaris 11:
If it's Windows with Npcap:
The copy is required, because 1) the purpose of those mechanisms is to passively capture incoming and outgoing traffic without affecting that traffic in any fashion and 2) the data has to remain around even if the Linux skbuff/{*BSD,macOS,AIX,Solaris 11} network packet buffer (mbuf for most of them)/NDIS packet buffer gets freed.
> In order to achieve the original communication can be directly affected, directly intercept the original communication packets;

If you want to modify or drop incoming or outgoing packets before they're transmitted or after they're received, the mechanisms that libpcap/Npcap uses do not support that, as they were not designed to do that. Different operating systems may offer mechanisms for doing that, but 1) it's not the same mechanism on all operating systems and 2) you'll have to research that yourself.
ask PacketInitPacket, PacketReceivePacket which library is the source code of these packet interfaces.
> PacketInitPacket, PacketReceivePacket which library is the source code of these packet interfaces.
Those are part of the packet.dll library in Npcap (and WinPcap before that). See the Npcap repository.
What about for Cygwin or MinGW/MSYS? Do we still need to use npcap?

> What about for Cygwin or MinGW/MSYS? Do we still need to use npcap?
If you want to capture traffic with a library with a libpcap API, you'll have to use Npcap or some other such library-plus-driver combination, regardless of whether you use Cygwin or MinGW/MSYS - neither of those, as far as I know, have Npcap or WinPcap or... bundled with them.
This is #1377; discuss that question there, not here.
Is there anything Linux can do that combines libpcap with the NDIS functionality in Windows?

> Is there anything Linux can do that combines libpcap with the NDIS functionality in Windows?
No; the Linux network stack doesn't have NDIS.
On Linux, libpcap uses PF_PACKET socket to do capturing.
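The passive-copy behaviour described in this thread can be observed directly with a PF_PACKET socket. The following is an added example, not code from the thread or from libpcap; the function name `tap_sees_copy`, the marker payload and the use of the `lo` interface are assumptions for illustration, and it needs Linux with CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define MARKER "pcap-copy-demo"   /* constructed payload, sent with its NUL */

/* Returns 1 if the UDP receiver AND the PF_PACKET tap both got the datagram,
 * 0 if one of them missed it, -1 if the demo cannot run here
 * (no CAP_NET_RAW for the packet socket, or loopback unusable). */
int tap_sees_copy(void)
{
    int tap = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (tap < 0) return -1;
    struct sockaddr_ll ll = { .sll_family = AF_PACKET,
                              .sll_protocol = htons(ETH_P_ALL),
                              .sll_ifindex = (int)if_nametoindex("lo") };
    struct timeval tv = { .tv_sec = 1 };          /* 1 s receive timeout */
    bind(tap, (struct sockaddr *)&ll, sizeof ll);
    setsockopt(tap, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a;
    bind(rx, (struct sockaddr *)&a, sizeof a);    /* port 0: kernel picks one */
    getsockname(rx, (struct sockaddr *)&a, &alen);
    setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    ssize_t sent = sendto(tx, MARKER, sizeof MARKER, 0, (struct sockaddr *)&a, sizeof a);

    char buf[2048];
    /* The application still receives its datagram: the tap consumed nothing. */
    int delivered = sent > 0 && recv(rx, buf, sizeof buf, 0) == (ssize_t)sizeof MARKER;
    int tapped = 0;
    for (int i = 0; sent > 0 && i < 64 && !tapped; i++) {  /* skip other traffic */
        ssize_t n = recv(tap, buf, sizeof buf, 0);
        if (n < 0) break;                          /* timeout: no more frames */
        if (n >= (ssize_t)sizeof MARKER &&         /* payload ends the frame */
            memcmp(buf + n - sizeof MARKER, MARKER, sizeof MARKER) == 0) tapped = 1;
    }
    close(tap); close(rx); close(tx);
    return sent < 0 ? -1 : (delivered && tapped);
}

int main(void) { printf("tap_sees_copy() = %d\n", tap_sees_copy()); return 0; }
```

A result of 1 means the packet socket got its own copy of the frame while the normal UDP delivery was unaffected, which is why this path cannot be used to drop or rewrite traffic.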
Closing as resolved.
How to intercept the original communication packets (rather than copy or bypass)