/// <summary>
/// Assign a filter to this device given a filterExpression
/// </summary>
/// <param name="filterExpression">The filter expression to compile</param>
protected void SetFilter(string filterExpression)
{
// save the filter string
_filterString = filterExpression;
int res;
// pcap_setfilter() requires a valid pcap_t which isn't present if
// the device hasn't been opened
ThrowIfNotOpen("device is not open");
// attempt to compile the program
var bpfProgram = BpfProgram.Create(Handle, filterExpression);
//associate the filter with this device
res = LibPcapSafeNativeMethods.pcap_setfilter(Handle, bpfProgram);
// Free the program whether or not we were successful in setting the filter
// we don't want to leak unmanaged memory if we throw an exception.
bpfProgram.Dispose();
//watch for errors
if (res < 0)
{
var errorString = string.Format("Can't set filter ({0}) : {1}", filterExpression, LastError);
throw new PcapException(errorString);
}
}
public static BpfProgram TryCreate(PcapHandle pcapHandle, string filter, int optimize = 1, uint netmask = 0)
{
var bpfProgram = new BpfProgram();
int result;
// Compile the expressions
if (ThreadSafeCompile)
{
result = LibPcapSafeNativeMethods.pcap_compile(pcapHandle,
bpfProgram,
filter,
optimize,
netmask);
}
else
{
lock (SyncCompile)
{
result = LibPcapSafeNativeMethods.pcap_compile(pcapHandle,
bpfProgram,
filter,
optimize,
netmask);
}
}
if (result < 0)
{
// Don't use Dispose since we don't want pcap_freecode to be called here
Marshal.FreeHGlobal(bpfProgram.handle);
bpfProgram.SetHandle(IntPtr.Zero);
bpfProgram = null;
}
return(bpfProgram);
}
/// <summary>
/// Returns true if the filter expression was able to be compiled into a
/// program without errors
/// </summary>
public static bool CheckFilter(string filterExpression,
out string errorString)
{
errorString = null;
using (var pcapHandle = LibPcapSafeNativeMethods.pcap_open_dead((int)PacketDotNet.LinkLayers.Ethernet, Pcap.MAX_PACKET_SIZE))
{
var bpfProgram = BpfProgram.TryCreate(pcapHandle, filterExpression);
if (bpfProgram == null)
{
errorString = GetLastError(pcapHandle);
return(false);
}
else
{
bpfProgram.Dispose();
return(true);
}
}
}
internal extern static int pcap_offline_filter(BpfProgram prog, IntPtr /* pcap_pkthdr* */ header, IntPtr pkt_data);
internal extern static int pcap_setfilter(PcapHandle /* pcap_t* */ adaptHandle, BpfProgram fp);
internal extern static int pcap_compile(
PcapHandle /* pcap_t* */ adaptHandle, BpfProgram fp,
[MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(PcapStringMarshaler))] string /*char * */ str,
int optimize, UInt32 netmask
);
