Skip to content

Instantly share code, notes, and snippets.

@oro350
Created January 5, 2014 17:16
Show Gist options
  • Save oro350/8270932 to your computer and use it in GitHub Desktop.
Save oro350/8270932 to your computer and use it in GitHub Desktop.
BPF compiler using libpcap
#include <pcap.h>
#include <unistd.h>
int main(int argc, char **argv)
{
struct bpf_program bpfprog;
int dflag = 0;
int c;
while ((c = getopt(argc, argv, "d")) != -1) {
switch (c) {
case 'd':
dflag++;
break;
default:
fprintf(stderr, "Usage: %s [-d|-dd|-ddd] filter\n", argv[0]);
return 1;
}
}
if (pcap_compile_nopcap(1, 0, &bpfprog, argv[optind], 0, 0) < 0) {
fprintf(stderr, "pcap_compile_nopcap()\n");
return 1;
}
bpf_dump(&bpfprog, dflag);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment