pcap_offline_filter(3) check whether a filter matches a packet


#include <pcap/pcap.h>

int pcap_offline_filter(const struct bpf_program *fp,
        const struct pcap_pkthdr *h, const u_char *pkt)


pcap_offline_filter() checks whether a filter matches a packet. fp is a pointer to a bpf_program struct, usually the result of a call to pcap_compile(). h points to the pcap_pkthdr structure for the packet, and pkt points to the data in the packet.


pcap_offline_filter() returns the return value of the filter program. This will be zero if the packet doesn't match the filter and non-zero if the packet matches the filter.