author | guy <guy> | 2008-05-13 15:19:56 +0000 |
---|---|---|
committer | guy <guy> | 2008-05-13 15:19:56 +0000 |
commit | 1f93b0fda9f360a48138d606f18a4aadc7d37cd2 (patch) | |
tree | 368a308d7d241da5b2dc913c7e25d3e69971c336 | |
parent | cab77babbbc3107fcb8007acf93c3cd9d715532e (diff) |
Pick up pcap_offline_filter() from WinPcap.
Add pcap_compile() to the SEE ALSO section for pcap_setfilter().
-rw-r--r-- | FILES | 1 | ||||
-rw-r--r-- | Makefile.in | 3 | ||||
-rw-r--r-- | pcap.c | 20 | ||||
-rw-r--r-- | pcap/pcap.h | 4 | ||||
-rw-r--r-- | pcap_offline_filter.3pcap | 57 | ||||
-rw-r--r-- | pcap_setfilter.3pcap | 4 |
6 files changed, 84 insertions, 5 deletions
@@ -149,6 +149,7 @@ pcap_lookupnet.3pcap pcap_loop.3pcap pcap_major_version.3pcap pcap_next_ex.3pcap +pcap_offline_filter.3pcap pcap_open_dead.3pcap pcap_open_live.3pcap pcap_open_offline.3pcap diff --git a/Makefile.in b/Makefile.in index daa76a67..2c6fb7ab 100644 --- a/Makefile.in +++ b/Makefile.in @@ -17,7 +17,7 @@ # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # -# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.118 2008-04-09 21:39:21 guy Exp $ (LBL) +# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.119 2008-05-13 15:19:56 guy Exp $ (LBL) # # Various configurable paths (remember to edit Makefile.in, not Makefile) @@ -131,6 +131,7 @@ MAN3PCAP = pcap.3pcap \ pcap_loop.3pcap \ pcap_major_version.3pcap \ pcap_next_ex.3pcap \ + pcap_offline_filter.3pcap \ pcap_open_dead.3pcap \ pcap_open_live.3pcap \ pcap_open_offline.3pcap \ @@ -33,7 +33,7 @@ #ifndef lint static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.120 2008-04-14 20:40:58 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.121 2008-05-13 15:19:56 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H 
@@ -1212,6 +1212,24 @@ pcap_close(pcap_t *p) } /* + * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw + * data for the packet, check whether the packet passes the filter. + * Returns the return value of the filter program, which will be zero if + * the packet doesn't pass and non-zero if the packet does pass. + */ +int +pcap_offline_filter(struct bpf_program *fp, const struct pcap_pkthdr *h, + const u_char *pkt) +{ + struct bpf_insn *fcode = fp->bf_insns; + + if (fcode != NULL) + return (bpf_filter(fcode, pkt, h->len, h->caplen)); + else + return (0); +} + +/* * We make the version string static, and return a pointer to it, rather * than exporting the version string directly. On at least some UNIXes, * if you import data from a shared library into an program, the data is diff --git a/pcap/pcap.h b/pcap/pcap.h index 0dcf7d26..8a63fc99 100644 --- a/pcap/pcap.h +++ b/pcap/pcap.h @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.10 2008-04-09 21:39:21 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.11 2008-05-13 15:19:56 guy Exp $ (LBL) */ #ifndef lib_pcap_pcap_h @@ -288,6 +288,8 @@ int pcap_compile(pcap_t *, struct bpf_program *, const char *, int, int pcap_compile_nopcap(int, int, struct bpf_program *, const char *, int, bpf_u_int32); void pcap_freecode(struct bpf_program *); +int pcap_offline_filter(struct bpf_program *, const struct pcap_pkthdr *, + const u_char *); int pcap_datalink(pcap_t *); int pcap_datalink_ext(pcap_t *); int pcap_list_datalinks(pcap_t *, int **); diff --git a/pcap_offline_filter.3pcap b/pcap_offline_filter.3pcap new file mode 100644 index 00000000..596c5e44 --- /dev/null +++ b/pcap_offline_filter.3pcap 
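Review bot: The new pcap_offline_filter() in pcap.c passes `fp->bf_insns`, `h->len` and `h->caplen` to bpf_filter() unchecked: `fp` and `h` are dereferenced without a NULL test, `fp->bf_len` is never consulted, and nothing ties `h->caplen` to the real size of the buffer behind `pkt`. Because the caller supplies both the header and the data here (typically from a capture file), a header whose `caplen` exceeds the buffer, or a program that was not built by pcap_compile(), would presumably let the interpreter read past the packet data. The block comment should state the contract, e.g. `* The caller must ensure pkt holds at least h->caplen bytes and that fp came from pcap_compile(); neither is checked here.`, and the DESCRIPTION in pcap_offline_filter.3pcap should say the same. If programs from other sources are expected, `if (!bpf_validate(fcode, fp->bf_len)) return (0);` before the bpf_filter() call would reject malformed ones, though doing that per packet has a cost, so validating once where the program is loaded may be the better place.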
@@ -0,0 +1,57 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_offline_filter.3pcap,v 1.1 2008-05-13 15:19:56 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_OFFLINE_FILTER 3PCAP "13 May 2008" +.SH NAME +pcap_offline_filter \- check whether a filter matches a packet +.SH SYNOPSIS +.nf +.ft B +#include <pcap/pcap.h> +.ft +.LP +.ft B +int pcap_offline_filter(struct bpf_program *fp, +.ti +8 +const struct pcap_pkthdr *h, const u_char *pkt) +.ft +.fi +.SH DESCRIPTION +.B pcap_offline_filter() +checks whether a filter matches a packet. +.I fp +is a pointer to a +.I bpf_program +struct, usually the result of a call to +.BR pcap_compile() . +.I h +points to the +.I pcap_pkthdr +structure for the packet, and +.I pkt +points to the data in the packet. 
+.SH RETURN VALUE +.B pcap_offline_filter() +returns the return value of the filter program. This will be zero if +the packet doesn't match the filter and non-zero if the packet matches +the filter. +.SH SEE ALSO +pcap(3PCAP), pcap_compile(3PCAP) diff --git a/pcap_setfilter.3pcap b/pcap_setfilter.3pcap index 26219d17..89d5da7f 100644 --- a/pcap_setfilter.3pcap +++ b/pcap_setfilter.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.4 2008-05-13 15:19:56 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -51,4 +51,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap(3PCAP), pcap_geterr(3PCAP) +pcap(3PCAP), pcap_compile(3PCAP), pcap_geterr(3PCAP) |