
How similar are Pcap and WinPcap?


I'm trying to do cross-platform development, Windows 7 host, QNX Neutrino target. Before trying to get the cross-platform development working, I'd like to test and play around with the code on my host, but Pcap isn't supported on Windows.

How similar are the syntax/function calls between Pcap and WinPcap? Could I take code I wrote for WinPcap and have it work for Pcap and a different machine?


Solution

  • (Presumably you mean "libpcap and WinPcap"; "pcap" refers either to "libpcap and WinPcap" or to the file format they both use.)

    WinPcap is a port of libpcap to Windows, and shares a lot of libpcap's code. It consists of:

    • a pcap-win32.c file, which contains the "adaptation layer" to support the platform-independent APIs on Windows (just as there's pcap-bpf.c for platforms using BPF, and pcap-linux.c for Linux, etc.);
    • the shared platform-independent code;
    • the Packet.dll library, which pcap-win32.c calls, and the driver with which Packet.dll communicates;
    • a few added routines.

    As a result, the vast majority of the calls in libpcap and WinPcap are identical, and share as much code between libpcap and WinPcap as between, for example, libpcap-on-FreeBSD and libpcap-on-Linux.

    The API differences are:

    • libpcap doesn't have pcap_open() and doesn't have remote-capture support (in the future, there will be common APIs for remote-capture support, so code can be written to do remote capture on Windows and various UN*Xes);
    • libpcap doesn't have pcap_setbuff(), but newer versions let you set the capture buffer size if you use pcap_create() and pcap_activate() to open a live capture, and those routines are also in newer versions of WinPcap;
    • if you want to use the platform's "wait for input available on a set of input sources" mechanism, not only do those mechanisms have different APIs (select()/poll() vs. WaitForMultipleObjects()), the APIs to get the handle on which to wait are, of necessity, different;
    • libpcap doesn't have "statistical mode", sampling, or "dump directly to a file in the kernel" (those require kernel-mode support; on Windows, WinPcap has to include a driver and thus can provide that, but, on UN*Xes, libpcap depends on what the OS provides);
    • libpcap doesn't support arbitrarily tuning the "minimum amount of data in the kernel buffer that causes a read from the application to return", although newer versions do support "immediate mode", in which packets are delivered as soon as they arrive;
    • some newer APIs in libpcap aren't in WinPcap yet (some, such as pcap_fopen_offline(), might never be, thanks to different versions of the MSVC support library not being binary compatible with each other).

    So, for almost all purposes, it should be possible to write pcap-based code that works on various UN*Xes (and, apparently, QNX Neutrino) and on Windows, as long as you deal with other differences between the platforms.