Hello all, I am having problems calling the PacketSetBpf function from packet.dll and I would like to know if anyone can offer some advice.
As I understand things...
I call... PacketSetBpf ( LPADAPTER AdapterObject, struct bpf_program *fp )
The 'AdapterObject' is no problem and 'fp' is a pointer to the 'bpf_program'
structure.
The 'bpf_program' structure has two elements...
'bf_len' the number of instructions to follow and 'bf_insns' a pointer to
the 'bf_insn' array of structures
The 'bf_insn' array of structures has the following elements...
'code' Instruction type and addressing mode
'jt' Jump if true
'jf' Jump if false
'k' various uses
So I assume that each 'bf_insn' structure will hold a single instruction. So
if I take a filter like "ether broadcast" and run the WinDump command line
like this... "windump -dd ether broadcast" then press ctrl+c I see the
following...
{ 0x20, 0, 0, 0x00000002 },
{ 0x15, 0, 3, 0xffffffff },
{ 0x28, 0, 0, 0x00000000 },
{ 0x15, 0, 1, 0x0000ffff },
{ 0x6, 0, 0, 0x00000060 },
{ 0x6, 0, 0, 0x00000000 },
So I assumed that (reading line by line), the first 'bf_insn' structure's
elements will contain...
code = 0x20
jt = 0
jf = 0
k = 0x00000002
The second 'bf_insn' structure's elements will be
code = 0x15
jt = 0
jf = 3
k = 0xffffffff
Does what I describe above sound correct...? or have I completely
misunderstood the use of the PacketSetBpf function and its structures...?
The reason I ask is because no matter what I try, I can NOT apply the filter
and make the function return true.
Can anyone offer any advice or assistance please..?
Best regards
Anthony Haywood
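
The row-to-instruction mapping described in the message above, as an added example that is not part of the original post and not WinPcap code: it loads the six `windump -dd` rows into an instruction array and interprets them against two constructed Ethernet frames. The `my_bpf_*` structs (assumed to follow the classic BPF layout: 16-bit code, 8-bit jt and jf, 32-bit k), `run_filter`, `prog` and both frames are this example's own names and data.

```c
#include <stdint.h>
#include <stdio.h>
/* Local mirrors of the classic BPF layouts; my_* names are this example's own. */
struct my_bpf_insn    { uint16_t code; uint8_t jt; uint8_t jf; uint32_t k; };
struct my_bpf_program { unsigned int bf_len; struct my_bpf_insn *bf_insns; };
/* The six rows from "windump -dd ether broadcast", one instruction per row. */
static struct my_bpf_insn ether_broadcast[] = {
    { 0x20, 0, 0, 0x00000002 },   /* A = 32-bit word at offset 2 (dst MAC bytes 2..5) */
    { 0x15, 0, 3, 0xffffffff },   /* if A == k skip jt instructions, else skip jf     */
    { 0x28, 0, 0, 0x00000000 },   /* A = 16-bit word at offset 0 (dst MAC bytes 0..1) */
    { 0x15, 0, 1, 0x0000ffff },
    { 0x6,  0, 0, 0x00000060 },   /* accept: keep 0x60 = 96 bytes */
    { 0x6,  0, 0, 0x00000000 },   /* reject: keep 0 bytes         */
};
static struct my_bpf_program prog = { sizeof ether_broadcast / sizeof ether_broadcast[0], ether_broadcast };
/* Constructed sample frames: destination MAC, source MAC, EtherType. */
static const uint8_t bcast_frame[14] = { 0xff,0xff,0xff,0xff,0xff,0xff, 0,0x11,0x22,0x33,0x44,0x55, 8,6 };
static const uint8_t ucast_frame[14] = { 0,0x11,0x22,0x33,0x44,0x66, 0,0x11,0x22,0x33,0x44,0x55, 8,0 };

/* Interprets only the four opcodes used above. Returns the snap length, or 0
   (drop) on reject, out-of-bounds load, unknown opcode or a missing ret. */
uint32_t run_filter(const struct my_bpf_program *p, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (unsigned int pc = 0; pc < p->bf_len; pc++) {
        const struct my_bpf_insn *i = &p->bf_insns[pc];
        switch (i->code) {
        case 0x20:                                   /* ld  [k] */
            if (i->k > len || len - i->k < 4) return 0;
            a = (uint32_t)pkt[i->k] << 24 | (uint32_t)pkt[i->k + 1] << 16 |
                (uint32_t)pkt[i->k + 2] << 8 | pkt[i->k + 3];
            break;
        case 0x28:                                   /* ldh [k] */
            if (i->k > len || len - i->k < 2) return 0;
            a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1];
            break;
        case 0x15: pc += (a == i->k) ? i->jt : i->jf; break;  /* jeq #k */
        case 0x06: return i->k;                                /* ret #k */
        default:   return 0;
        }
    }
    return 0;
}

int main(void)
{
    printf("broadcast: %u\n", (unsigned)run_filter(&prog, bcast_frame, sizeof bcast_frame));
    printf("unicast:   %u\n", (unsigned)run_filter(&prog, ucast_frame, sizeof ucast_frame));
    return 0;
}
```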
