Pick up pcap_offline_filter() from WinPcap.
Add pcap_compile() to the SEE ALSO section for pcap_setfilter().
This commit is contained in:
parent
cab77babbb
commit
1f93b0fda9
1
FILES
1
FILES
|
@ -149,6 +149,7 @@ pcap_lookupnet.3pcap
|
|||
pcap_loop.3pcap
|
||||
pcap_major_version.3pcap
|
||||
pcap_next_ex.3pcap
|
||||
pcap_offline_filter.3pcap
|
||||
pcap_open_dead.3pcap
|
||||
pcap_open_live.3pcap
|
||||
pcap_open_offline.3pcap
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
#
|
||||
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.118 2008-04-09 21:39:21 guy Exp $ (LBL)
|
||||
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.119 2008-05-13 15:19:56 guy Exp $ (LBL)
|
||||
|
||||
#
|
||||
# Various configurable paths (remember to edit Makefile.in, not Makefile)
|
||||
|
@ -131,6 +131,7 @@ MAN3PCAP = pcap.3pcap \
|
|||
pcap_loop.3pcap \
|
||||
pcap_major_version.3pcap \
|
||||
pcap_next_ex.3pcap \
|
||||
pcap_offline_filter.3pcap \
|
||||
pcap_open_dead.3pcap \
|
||||
pcap_open_live.3pcap \
|
||||
pcap_open_offline.3pcap \
|
||||
|
|
20
pcap.c
20
pcap.c
|
@ -33,7 +33,7 @@
|
|||
|
||||
#ifndef lint
|
||||
static const char rcsid[] _U_ =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.120 2008-04-14 20:40:58 guy Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.121 2008-05-13 15:19:56 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -1211,6 +1211,24 @@ pcap_close(pcap_t *p)
|
|||
free(p);
|
||||
}
|
||||
|
||||
/*
|
||||
* Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
|
||||
* data for the packet, check whether the packet passes the filter.
|
||||
* Returns the return value of the filter program, which will be zero if
|
||||
* the packet doesn't pass and non-zero if the packet does pass.
|
||||
*/
|
||||
int
|
||||
pcap_offline_filter(struct bpf_program *fp, const struct pcap_pkthdr *h,
|
||||
const u_char *pkt)
|
||||
{
|
||||
struct bpf_insn *fcode = fp->bf_insns;
|
||||
|
||||
if (fcode != NULL)
|
||||
return (bpf_filter(fcode, pkt, h->len, h->caplen));
|
||||
else
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* We make the version string static, and return a pointer to it, rather
|
||||
* than exporting the version string directly. On at least some UNIXes,
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.10 2008-04-09 21:39:21 guy Exp $ (LBL)
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.11 2008-05-13 15:19:56 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef lib_pcap_pcap_h
|
||||
|
@ -288,6 +288,8 @@ int pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
|
|||
int pcap_compile_nopcap(int, int, struct bpf_program *,
|
||||
const char *, int, bpf_u_int32);
|
||||
void pcap_freecode(struct bpf_program *);
|
||||
int pcap_offline_filter(struct bpf_program *, const struct pcap_pkthdr *,
|
||||
const u_char *);
|
||||
int pcap_datalink(pcap_t *);
|
||||
int pcap_datalink_ext(pcap_t *);
|
||||
int pcap_list_datalinks(pcap_t *, int **);
|
||||
|
|
|
@ -0,0 +1,57 @@
|
|||
.\" @(#) $Header: /tcpdump/master/libpcap/pcap_offline_filter.3pcap,v 1.1 2008-05-13 15:19:56 guy Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1994, 1996, 1997
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that: (1) source code distributions
|
||||
.\" retain the above copyright notice and this paragraph in its entirety, (2)
|
||||
.\" distributions including binary code include the above copyright notice and
|
||||
.\" this paragraph in its entirety in the documentation or other materials
|
||||
.\" provided with the distribution, and (3) all advertising materials mentioning
|
||||
.\" features or use of this software display the following acknowledgement:
|
||||
.\" ``This product includes software developed by the University of California,
|
||||
.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
|
||||
.\" the University nor the names of its contributors may be used to endorse
|
||||
.\" or promote products derived from this software without specific prior
|
||||
.\" written permission.
|
||||
.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
||||
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
||||
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
.\"
|
||||
.TH PCAP_OFFLINE_FILTER 3PCAP "13 May 2008"
|
||||
.SH NAME
|
||||
pcap_offline_filter \- check whether a filter matches a packet
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.ft B
|
||||
#include <pcap/pcap.h>
|
||||
.ft
|
||||
.LP
|
||||
.ft B
|
||||
int pcap_offline_filter(struct bpf_program *fp,
|
||||
.ti +8
|
||||
const struct pcap_pkthdr *h, const u_char *pkt)
|
||||
.ft
|
||||
.fi
|
||||
.SH DESCRIPTION
|
||||
.B pcap_offline_filter()
|
||||
checks whether a filter matches a packet.
|
||||
.I fp
|
||||
is a pointer to a
|
||||
.I bpf_program
|
||||
struct, usually the result of a call to
|
||||
.BR pcap_compile() .
|
||||
.I h
|
||||
points to the
|
||||
.I pcap_pkthdr
|
||||
structure for the packet, and
|
||||
.I pkt
|
||||
points to the data in the packet.
|
||||
.SH RETURN VALUE
|
||||
.B pcap_offline_filter()
|
||||
returns the return value of the filter program. This will be zero if
|
||||
the packet doesn't match the filter and non-zero if the packet matches
|
||||
the filter.
|
||||
.SH SEE ALSO
|
||||
pcap(3PCAP), pcap_compile(3PCAP)
|
|
@ -1,4 +1,4 @@
|
|||
.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $
|
||||
.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.4 2008-05-13 15:19:56 guy Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1994, 1996, 1997
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
|
@ -51,4 +51,4 @@ may be called with
|
|||
.I p
|
||||
as an argument to fetch or display the error text.
|
||||
.SH SEE ALSO
|
||||
pcap(3PCAP), pcap_geterr(3PCAP)
|
||||
pcap(3PCAP), pcap_compile(3PCAP), pcap_geterr(3PCAP)
|
||||
|
|
Reference in New Issue