initial version

pcap_compile failing whereas the same filter works in the Wireshark GUI

Hello, here is a small piece of code. I am not able to understand why pcap_compile is failing.

#include<pcap/pcap.h>

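/*
 * Opens a saved capture file, compiles a filter expression against it and
 * installs the compiled filter on the capture handle.
 *
 * Returns 0 on success, and 1 if the file cannot be opened, the expression
 * does not compile, or the filter cannot be installed.
 */
int main(void)
{
     char error_string[PCAP_ERRBUF_SIZE];
     struct bpf_program bpf;
     int status = 1;

     pcap_t *capture = pcap_open_offline("/home/lokesh/Desktop/capture_tls.pcapng", error_string);
     if (capture == NULL) {
          fprintf(stderr, "%s %d %s\n", __func__, __LINE__, error_string);
          return 1;
     }

     /*
      * NOTE: "ipv6.addr==..." is Wireshark display-filter syntax.
      * pcap_compile() parses libpcap capture-filter (pcap-filter) syntax,
      * where the equivalent test is written "ip6 host <address>".
      * The expression is kept as posted so the reported syntax error
      * still reproduces.
      */
     if (pcap_compile(capture, &bpf, "ipv6.addr==2406:7400:63:12c2:868c:aa3:758e:d09", 0, PCAP_NETMASK_UNKNOWN) != 0) {
          fprintf(stderr, "%s %d compile error: %s\n", __func__, __LINE__, pcap_geterr(capture));
          /* The handle is already open here, so it must still be closed. */
          goto out_close;
     }

     if (pcap_setfilter(capture, &bpf) != 0) {
          /* Report the failure through the exit status as well as stderr. */
          fprintf(stderr, "%s %d set filter error: %s\n", __func__, __LINE__, pcap_geterr(capture));
     } else {
          status = 0;
     }

     /* The compiled program is no longer needed once pcap_setfilter() has returned. */
     pcap_freecode(&bpf);

out_close:
     pcap_close(capture);
     return status;
}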

I am seeing the following error

main 15 compile error: can't parse filter expression: syntax error

The same filter works fine in the Wireshark GUI.

Can someone help me understand the issue?

thanks.

pcap_compile failing whereas the same filter works in the Wireshark GUI

Hello, here is a small piece of code. I am not able to understand why pcap_compile is failing.

#include<pcap/pcap.h>

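/*
 * Reads a saved capture file, compiles a filter expression for it and
 * applies the compiled filter to the capture handle.
 *
 * Exit status is 0 when every step succeeds and 1 when the open, the
 * compile or the filter installation fails.
 */
int main(void)
{
     char error_string[PCAP_ERRBUF_SIZE];
     pcap_t *capture = pcap_open_offline("/home/lokesh/Desktop/capture_tls.pcapng", error_string);
     if (capture == NULL) {
          fprintf(stderr, "%s %d %s\n", __func__, __LINE__, error_string);
          return 1;
     }

     int exit_code = 0;
     struct bpf_program bpf;

     /*
      * NOTE: the expression below uses Wireshark display-filter syntax
      * ("ipv6.addr=="). pcap_compile() accepts only libpcap capture-filter
      * (pcap-filter) syntax; the matching form there is
      * "ip6 host <address>". The string is left unchanged so that the
      * syntax error described in the question is still reproduced.
      */
     if (pcap_compile(capture, &bpf, "ipv6.addr==2406:7400:63:12c2:868c:aa3:758e:d09", 0, PCAP_NETMASK_UNKNOWN) != 0) {
          fprintf(stderr, "%s %d compile error: %s\n", __func__, __LINE__, pcap_geterr(capture));
          exit_code = 1;
     } else {
          if (pcap_setfilter(capture, &bpf) != 0) {
               fprintf(stderr, "%s %d set filter error: %s\n", __func__, __LINE__, pcap_geterr(capture));
               /* A filter that could not be installed is a failure, not a success. */
               exit_code = 1;
          }
          /* Free the compiled program; it is only valid after a successful compile. */
          pcap_freecode(&bpf);
     }

     /* Close the handle on every path that opened it, including compile failure. */
     pcap_close(capture);
     return exit_code;
}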

I am seeing the following error

main 15 compile error: can't parse filter expression: syntax error

The same filter works fine in the Wireshark GUI.

Can someone help me understand the issue?

thanks.