On Tue, Sep 03, 2002 at 01:31:41PM -0700, Gillick, John B wrote:
> You mentioned in one of your emails that bpf_compile() is used to generate a
> bpf filter.
> I assume that to mean it takes in some stuff and returns a bpf_insn *.
> I have looked everywhere I can think of, but for the life of me can not find
> this bpf_compile() function.  Where is it?

I meant "pcap_compile()".

And, yes, it takes "some stuff", where "some stuff" is:

        a "pcap_t *" as returned by "pcap_open_live()",
        "pcap_open_dead()" (in newer versions of libpcap that have it),
        or "pcap_open_offline()";

        a pointer to a "struct bpf_program" to be filled in;

        a pointer to a character string containing a tcpdump-style
        filter expression;

        a flag specifying whether to optimize the generated code (you
        probably want that to be non-zero, so that it does optimize the
        generated code);

        a netmask for the network you're capturing on (or 0 if you don't
        know that);

and fills in the "struct bpf_program" with a count of instructions and a
pointer to an array, that it allocates, of "struct bpf_insn" containing
a program that implements the filter expression.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
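
An added example, not part of the original message or of libpcap: what the filled-in "struct bpf_program" described in the reply looks like, and how its instruction array is evaluated against a packet. The ex_ names are local stand-ins that mirror libpcap's struct layouts so the code builds without libpcap; the instruction array is hand-written, on the assumption that it has the form pcap_compile() generates for the expression "ip" on an Ethernet capture, and the accept length is a constructed value.

```c
#include <stddef.h>
#include <stdint.h>

/* Local stand-ins mirroring libpcap's struct bpf_insn and
 * struct bpf_program, so this builds without libpcap installed. */
struct ex_bpf_insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
struct ex_bpf_program { unsigned bf_len; struct ex_bpf_insn *bf_insns; };

/* Classic BPF opcode values used below. */
#define EX_LDH_ABS 0x28 /* BPF_LD|BPF_H|BPF_ABS: A = 16-bit word at pkt[k] */
#define EX_JEQ_K   0x15 /* BPF_JMP|BPF_JEQ|BPF_K: skip jt if A == k, else jf */
#define EX_RET_K   0x06 /* BPF_RET|BPF_K: keep k bytes (0 = reject) */

/* Hand-written here (assumption): the form of program that
 *   pcap_compile(p, &prog, "ip", 1, 0)
 * leaves in prog when p is an Ethernet pcap_t. */
static struct ex_bpf_insn ip_insns[] = {
    { EX_LDH_ABS, 0, 0, 12 },     /* load the EtherType field */
    { EX_JEQ_K,   0, 1, 0x0800 }, /* IPv4: fall through, else skip one */
    { EX_RET_K,   0, 0, 65535 },  /* accept (constructed snapshot length) */
    { EX_RET_K,   0, 0, 0 },      /* reject */
};
struct ex_bpf_program ip_prog = {
    sizeof ip_insns / sizeof ip_insns[0], /* bf_len: instruction count */
    ip_insns                              /* bf_insns: instruction array */
};

/* Minimal interpreter for the three opcodes above. Returns the number of
 * bytes to keep, 0 meaning reject. Out-of-bounds loads, unknown opcodes
 * and running off the end of the program all reject (fail closed). */
unsigned ex_run_filter(const struct ex_bpf_program *fp,
                       const uint8_t *pkt, size_t len)
{
    uint32_t a = 0; /* the BPF accumulator */
    for (unsigned pc = 0; pc < fp->bf_len; pc++) {
        const struct ex_bpf_insn *in = &fp->bf_insns[pc];
        switch (in->code) {
        case EX_LDH_ABS:
            if (len < 2 || in->k > len - 2) return 0;
            a = ((uint32_t)pkt[in->k] << 8) | pkt[in->k + 1];
            break;
        case EX_JEQ_K: /* offsets are relative to the next instruction */
            pc += (a == in->k) ? in->jt : in->jf;
            break;
        case EX_RET_K:
            return in->k;
        default:
            return 0;
        }
    }
    return 0;
}
```

With real libpcap the array is allocated by pcap_compile() and released with pcap_freecode(); "tcpdump -d" prints the generated instructions for any filter expression.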