BPF packet filter and pcap_compile()
From: lulepenguin (alapaa_at_operax.com)
Date: 08/25/05
- Next message: Tomasz Chmielewski: "Re: multiple network cards in one subnet - possible?"
- Previous message: Tomasz Chmielewski: "Re: multiple network cards in one subnet - possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 25 Aug 2005 00:49:41 -0700
Short question: I am modifying some code that utilizes the BPF. The
filter is hard-coded in "packet filter assembler", but I would like to
use libpcap:s pcap_compile() function to create a filter from a command
string, e.g. "tcp and port 67 and ..." as in W.R. Stevens' UNP. Now my
question: The existing code does not use libpcap to open sniffing
devices etc, and I would like to keep it that way. However,
pcap_compile() needs a pcap_t device handle. Can I use libpcap
functions to open a sniffing device to create the pcap_t handle,
compile the filter with pcap_compile(), then use this filter with a the
/dev/bpf type device opened by the existing code? (the existing code
uses the same filter structs as libpcap)
(obviously, if the existing code opens a sniffing device that monitors
eth0, I would need to make the pcap_t handle also correspond to eth0)
Linux-specific solutions are OK at this point, but something portable
to Solaris or BSD is even better.
Best regards,
/Erik Alapää
- Next message: Tomasz Chmielewski: "Re: multiple network cards in one subnet - possible?"
- Previous message: Tomasz Chmielewski: "Re: multiple network cards in one subnet - possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
