PCAP_OFFLINE_FILTER(3PCAP) PCAP_OFFLINE_FILTER(3PCAP)

pcap_offline_filter - check whether a filter matches a packet

#include <pcap/pcap.h>
int pcap_offline_filter(const struct bpf_program *fp,
const struct pcap_pkthdr *h, const u_char *pkt)

pcap_offline_filter() checks whether a filter matches a packet. fp is a pointer to a bpf_program struct, usually the result of a call to pcap_compile(3PCAP). h points to the pcap_pkthdr structure for the packet, and pkt points to the data in the packet.

pcap_offline_filter() returns the return value of the filter program. This will be zero if the packet doesn't match the filter and non-zero if the packet matches the filter.

pcap(3PCAP)

7 April 2014