[Gal Sagie <gal.sagie@xxxxxxxxx>]

Hello,

I want to achieve the following :

1) I have a raw packet buffer, i want to search if they match a certain BPF filter (i dont care about the device or how i received this packet buffer) just want

   to know it match or doesn't match.

The code i tried :

1.  pkt = pointer to packet data
2.         char errbuf[PCAP_ERRBUF_SIZE];
3.         pcap_t* pc = pcap_create("any",&errbuf);
4.         int active = pcap_activate(pc);
5.        
6.         struct bpf_program fp;
7.         int res = pcap_compile(pc,&fp,"ip",0,0);
8.        
9.         struct pcap_pkthdr hdr;
10.         memset(&hdr,0,sizeof(hdr));
11.         hdr.caplen = pkt->pkt_len;
12.         hdr.len = pkt->pkt_len;  
13.                        
14.         u_char* data = "" char *)pkt->data
15.                        
16.        int match = pcap_offline_filter(&fp, &hdr ,data);
17.        printf("Packet Match = %d\r\n",match);
    
    
    
    
    That doesn't work.... (it doesn't fail but return "0" on match every time even that the packet is IP packet as i debugged it)
    
    
    Any ideas ? what am i doing wrong? or how else can i achieve the same results? 
    Thanks in advance!
    
    
    Gal.