diff options
author | JP Abgrall <jpa@google.com> | 2014-02-12 13:46:45 -0800 |
---|---|---|
committer | JP Abgrall <jpa@google.com> | 2014-02-12 22:15:16 +0000 |
commit | 511eca30a483e912c274e1d8ba3a0f8f081e2227 (patch) | |
tree | e1dac8bb306ec92296c44fbcd46553c1fe57cedd /pcap_offline_filter.3pcap | |
parent | 3a7bce5dda6a8db92c9248846d0255e68c3a5b2a (diff) | |
download | libpcap-511eca30a483e912c274e1d8ba3a0f8f081e2227.tar.gz |
Merge remote-tracking branch 'goog/tcpdump'
* goog/tcpdump: (1872 commits)
Remove old version. Getting ready for new libpcap 1.5
Remove commas from clauses in a comma-separated list.
Fix typo.
Describe all NFLOG TLV types and define structures for some of them.
Check caplen in the NFLOG TLV loop.
Have nflog_tlv_t include only the TLV header.
Byte-swap the T and L in TLVs as necessary when reading an NFLOG file.
Don't support D-Bus sniffing on OS X.
Add post-1.5.2 bug fixes.
Tag some changes with a bug identifier.
Add items for 1.5.1 and 1.5.2.
Formatting tweak.
Count *ring buffer blocks*, not *packets* to be filtered in userland.
Add a PACKET_COUNT_IS_UNLIMITED() to test for a packet count <= 0.
Use HAVE_TPACKET3 rather than TPACKET_V3 to test for TPACKET_V3 support.
Fix builds on systems without TPACKET_V3.
tweak manpages formatting
Fix pcap_loop() with a count of 0 and TPACKET_V3.
Discourage the use of a zero timeout.
We can't use TPACKET_V3 in immediate mode, so fall back on TPACKET_V2.
...
Change-Id: I2aa9bd87673c56aee439e1154b96a14026ca7985
Diffstat (limited to 'pcap_offline_filter.3pcap')
-rw-r--r-- | pcap_offline_filter.3pcap | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/pcap_offline_filter.3pcap b/pcap_offline_filter.3pcap new file mode 100644 index 00000000..3f11022d --- /dev/null +++ b/pcap_offline_filter.3pcap @@ -0,0 +1,57 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_offline_filter.3pcap,v 1.1 2008-05-13 15:19:56 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_OFFLINE_FILTER 3PCAP "13 May 2008" +.SH NAME +pcap_offline_filter \- check whether a filter matches a packet +.SH SYNOPSIS +.nf +.ft B +#include <pcap/pcap.h> +.ft +.LP +.ft B +int pcap_offline_filter(const struct bpf_program *fp, +.ti +8 +const struct pcap_pkthdr *h, const u_char *pkt) +.ft +.fi +.SH DESCRIPTION +.B pcap_offline_filter() +checks whether a filter matches a packet. +.I fp +is a pointer to a +.I bpf_program +struct, usually the result of a call to +.BR pcap_compile() . +.I h +points to the +.I pcap_pkthdr +structure for the packet, and +.I pkt +points to the data in the packet. +.SH RETURN VALUE +.B pcap_offline_filter() +returns the return value of the filter program. This will be zero if +the packet doesn't match the filter and non-zero if the packet matches +the filter. +.SH SEE ALSO +pcap(3PCAP), pcap_compile(3PCAP) |