I don't have one handy, but basically you have to hack libpcap a bit
to push the generated filters using SO_ATTACH_FILTER onto a socket.
The format (LPF) understood by the kernel is a superset of the BPF
stack machine code generated by libpcap. See linux/filter.h and the BPF
documentation.
It's main drawback is that it doesn't support variable length headers
properly.
-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/