Using libpcap:s pcap_compile() in bpf.c?
Erik Alapää
alapaa at operax.com
Wed Aug 24 12:26:53 UTC 2005
On Wed, 24 Aug 2005, Erik Alapää wrote:
> Hello! I am building a modified DHCP relay/proxy based on the ISC
> relay code, version 3.0.2 (project started before 3.0.3 was released,
> will merge in our local cvs later)
>
> Now my questions: I want to use the pcap_compile() function from
> libpcap to create a modified packet filter.
>
> 1. Is there any good documentation out there, except for the pcap
> manpage? (Linux-only is good, examples portable to Solaris and BSD
> even better)
>
> 2. How do I get a pcap_t handle for pcap_compile(), the relay code
> seems to bypass libpcap and open() a pfilt device directly and use
> some
> ioctl() magic? There is quite a lot of conditional compilation going
> on too, which complicates my attempt to understand the code.
>
> 3. Can I somehow just create a filter with pcap_compile() without
> doing all the other libpcap stuff, and then force-feed this filter
> into the existing relay code?
>
Wanted to add the info that the bpf devices and pfilt devices are
used, depending on OS.
--
Erik Alapää
Software Engineer M. Sc., Lic. Ind. Math.
Aurorum Science Park 8
SE 997 75 Luleå
Sweden
+46 70 535 17 14 (mobile)
+46 920 75510 (fax)
http://www.operax.com
More information about the dhcp-hackers
mailing list