On Jun 30, 2011, at 10:30 AM, V K wrote:
> And once packet is read using pcap_next(), I want to check that packet
> against all filters and mark the filter that matches the packet
>
> Is there a way one could compile multiple filters,
Have separate "struct bpf_program" structures for each filte
Folks
I have pcap traces which I am reading via the pcap_ C API. (
pcap_open_offline() and pcap_next()...)
What I want to do is to have several filters say
filter1: (ip.proto==TCP && tcp.dstport==100012)
filter2: (ip.proto==UDP && (udp.srcport==60035 | udp.dstport==1))
filter3:
..
an
