dect
/
libpcap
Archived
13
0
Fork 0

Pick up pcap_offline_filter() from WinPcap.

Add pcap_compile() to the SEE ALSO section for pcap_setfilter().
This commit is contained in:
guy 2008-05-13 15:19:56 +00:00
parent cab77babbb
commit 1f93b0fda9
6 changed files with 84 additions and 5 deletions

1
FILES
View File

@ -149,6 +149,7 @@ pcap_lookupnet.3pcap
pcap_loop.3pcap
pcap_major_version.3pcap
pcap_next_ex.3pcap
pcap_offline_filter.3pcap
pcap_open_dead.3pcap
pcap_open_live.3pcap
pcap_open_offline.3pcap

View File

@ -17,7 +17,7 @@
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.118 2008-04-09 21:39:21 guy Exp $ (LBL)
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.119 2008-05-13 15:19:56 guy Exp $ (LBL)
#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
@ -131,6 +131,7 @@ MAN3PCAP = pcap.3pcap \
pcap_loop.3pcap \
pcap_major_version.3pcap \
pcap_next_ex.3pcap \
pcap_offline_filter.3pcap \
pcap_open_dead.3pcap \
pcap_open_live.3pcap \
pcap_open_offline.3pcap \

20
pcap.c
View File

@ -33,7 +33,7 @@
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.120 2008-04-14 20:40:58 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.121 2008-05-13 15:19:56 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -1211,6 +1211,24 @@ pcap_close(pcap_t *p)
free(p);
}
/*
* Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
* data for the packet, check whether the packet passes the filter.
* Returns the return value of the filter program, which will be zero if
* the packet doesn't pass and non-zero if the packet does pass.
*/
int
pcap_offline_filter(struct bpf_program *fp, const struct pcap_pkthdr *h,
const u_char *pkt)
{
struct bpf_insn *fcode = fp->bf_insns;
if (fcode != NULL)
return (bpf_filter(fcode, pkt, h->len, h->caplen));
else
return (0);
}
/*
* We make the version string static, and return a pointer to it, rather
* than exporting the version string directly. On at least some UNIXes,

View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.10 2008-04-09 21:39:21 guy Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.11 2008-05-13 15:19:56 guy Exp $ (LBL)
*/
#ifndef lib_pcap_pcap_h
@ -288,6 +288,8 @@ int pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
int pcap_compile_nopcap(int, int, struct bpf_program *,
const char *, int, bpf_u_int32);
void pcap_freecode(struct bpf_program *);
int pcap_offline_filter(struct bpf_program *, const struct pcap_pkthdr *,
const u_char *);
int pcap_datalink(pcap_t *);
int pcap_datalink_ext(pcap_t *);
int pcap_list_datalinks(pcap_t *, int **);

57
pcap_offline_filter.3pcap Normal file
View File

@ -0,0 +1,57 @@
.\" @(#) $Header: /tcpdump/master/libpcap/pcap_offline_filter.3pcap,v 1.1 2008-05-13 15:19:56 guy Exp $
.\"
.\" Copyright (c) 1994, 1996, 1997
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that: (1) source code distributions
.\" retain the above copyright notice and this paragraph in its entirety, (2)
.\" distributions including binary code include the above copyright notice and
.\" this paragraph in its entirety in the documentation or other materials
.\" provided with the distribution, and (3) all advertising materials mentioning
.\" features or use of this software display the following acknowledgement:
.\" ``This product includes software developed by the University of California,
.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
.\" the University nor the names of its contributors may be used to endorse
.\" or promote products derived from this software without specific prior
.\" written permission.
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.TH PCAP_OFFLINE_FILTER 3PCAP "13 May 2008"
.SH NAME
pcap_offline_filter \- check whether a filter matches a packet
.SH SYNOPSIS
.nf
.ft B
#include <pcap/pcap.h>
.ft
.LP
.ft B
int pcap_offline_filter(struct bpf_program *fp,
.ti +8
const struct pcap_pkthdr *h, const u_char *pkt)
.ft
.fi
.SH DESCRIPTION
.B pcap_offline_filter()
checks whether a filter matches a packet.
.I fp
is a pointer to a
.I bpf_program
struct, usually the result of a call to
.BR pcap_compile() .
.I h
points to the
.I pcap_pkthdr
structure for the packet, and
.I pkt
points to the data in the packet.
.SH RETURN VALUE
.B pcap_offline_filter()
returns the return value of the filter program. This will be zero if
the packet doesn't match the filter and non-zero if the packet matches
the filter.
.SH SEE ALSO
pcap(3PCAP), pcap_compile(3PCAP)

View File

@ -1,4 +1,4 @@
.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $
.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.4 2008-05-13 15:19:56 guy Exp $
.\"
.\" Copyright (c) 1994, 1996, 1997
.\" The Regents of the University of California. All rights reserved.
@ -51,4 +51,4 @@ may be called with
.I p
as an argument to fetch or display the error text.
.SH SEE ALSO
pcap(3PCAP), pcap_geterr(3PCAP)
pcap(3PCAP), pcap_compile(3PCAP), pcap_geterr(3PCAP)