Wireshark-bugs: [Wireshark-bugs] [Bug 3967] Add start and stop filter triggers to dumpcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3967
--- Comment #3 from Guy Harris <guy@xxxxxxxxxxxx> 2009-09-01 11:43:23 PDT ---
pcap_offline_filter() is in the current top-of-Git-tree libpcap from
tcpdump.org.
However, it's just a simple wrapper routine:
/*
* Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
* data for the packet, check whether the packet passes the filter.
* Returns the return value of the filter program, which will be zero if
* the packet doesn't pass and non-zero if the packet does pass.
*/
int
pcap_offline_filter(struct bpf_program *fp, const struct pcap_pkthdr *h,
const u_char *pkt)
{
struct bpf_insn *fcode = fp->bf_insns;
if (fcode != NULL)
return (bpf_filter(fcode, pkt, h->len, h->caplen));
else
return (0);
}
so we could just directly use bpf_filter().
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.