question regarding bpf_program

["Prashant Batra (prbatra)" <prbatra () cisco com>]

Hi All,

 

I want to use "pcap_compile" to get a bpf filter from a string. And then
I want to use the filter in the form of sock_filter

to  set as a socket option to capture the packets specified by the
filter. I want to receive the filtered packets using PF_PACKET family
socket.

 

But what I have observed is that the filter obtained using pcap_compile
(printed using bpf_dump) does not match the one using

tcpdump -d option.

 

Can someone help?

 

Or, what should be the best way to achieve this?

 

 

Regards,

Prashant

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.