/// <summary>
/// Applies a filter to the packet capture.
/// </summary>
/// <remarks>
/// The filter string is a high level filtering expression, see
/// <a href="http://www.winpcap.org/docs/docs_40_2/html/group__language.html">
/// the WinPcap documentation</a> for a description of the syntax.
///
/// Filtering the captured traffic to the minimum required can
/// increase the performance of the capture application as less
/// copies need to be performed.
///
/// Note: has no effect if reading from a file.
///
/// Note: tests for IPv4 broadcast addresses do not work at the
/// moment.
/// </remarks>
/// <exception cref="System.ObjectDisposedException">
/// The <c cref="Spladug.PacketCapture.PacketReader">PacketReader</c>
/// has been closed.
/// </exception>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="filter"/> is null.
/// </exception>
/// <param name="filter">Filter expression, see syntax in remarks.</param>
public void ApplyFilter(string filter)
{
ThrowIfDisposed();
ArgumentGuards.ThrowIfNull(filter, "filter");
var program = new bpf_program();
int compilationResult = NativeMethods.pcap_compile(
handle,
program,
filter,
1, // optimize the compiled filter-program
0 // netmask -- need to get this from the interface
);
if (compilationResult == ReturnValue.Error)
handle.ThrowLastError();
int setFilterResult = NativeMethods.pcap_setfilter(handle, program);
NativeMethods.pcap_freecode(program);
if (setFilterResult == ReturnValue.Error)
handle.ThrowLastError();
}
internal static extern void pcap_freecode(bpf_program filter);
internal static extern int pcap_setfilter(PcapHandle p, bpf_program filter);
internal static extern int pcap_compile(PcapHandle p, bpf_program compiled, string code, int optimize, uint netmask);
