libpcap

[Andrew Konstantinov]

Hello,

I am writing a program which takes advantage of libpcap but I've run into several problems with it:
1) Is there any way how I can specify in the filter description that it should match only incoming packets on some interface? inbound/outbound keywords work only for 'slip' (according to tcpdump man page). I could do that with 'not src host' and then put the local hostname after that, but is there a more general solution, without the need for local hostname or ip address?
2) I can't figure out how to setup a filter so it could match several ports at once. For example, I want the filter to only match 21-25 and 113 ports for incoming traffic. How do I do that? Right know I can see only two solutions. I could simply sniff all the traffic, and then filter out the interesting ports by myself, or I could setup several filters each of which would be responsible for a specific port. But both solutions seem to be inefficient. Is there a better way to accomplish this?
Any help will be greatly appriciated.

Thanks in advance.
Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20030803/75204720/attachment.bin