pcap_lookupnet has special handling for a number of device names to just silently return 0, but doesn't have any handling for rpcap devices. This causes a spurious warning message with the tcpdump -f flag, and possibly could cause errors elsewhere:
$ ./build/tcpdump -d -i "rpcap://127.0.0.1/enp6s0" "vlan" -f
tcpdump: WARNING: foreign (-f) flag used but: SIOCGIFADDR: rpcap://127.0.0.1/enp6s0: No such device
(000) ldh [12]
(001) jeq #0x8100 jt 4 jf 2
(002) jeq #0x88a8 jt 4 jf 3
(003) jeq #0x9100 jt 4 jf 5
(004) ret #262144
(005) ret #0
A remote device that doesn't actually exist fails earlier as expected:
$ ./build/tcpdump -d -i "rpcap://127.0.0.1/nosuchdev" "vlan" -f
tcpdump: enp6s0sds: No such device exists (No such device exists)
(I suppose it could somehow query the device if possible, or succeed with a warning that the function isn't supported on remote devices, instead of silently returning 0.)
$ pcap-config --version
1.11.0-PRE-GIT
pcap_lookupnethas special handling for a number of device names to just silently return 0, but doesn't have any handling forrpcapdevices. This causes a spurious warning message with the tcpdump-fflag, and possibly could cause errors elsewhere:A remote device that doesn't actually exist fails earlier as expected:
(I suppose it could somehow query the device if possible, or succeed with a warning that the function isn't supported on remote devices, instead of silently returning 0.)
$ pcap-config --version
1.11.0-PRE-GIT