int pcap_setfilter(pcap_t *, struct bpf_program *);
If so, you're P/Invoke is incorrect. It should be:
public static extern int pcap_setfilter(IntPtr p,IntPtr fp);
Alternatively, it may be possible to use something like this:
public struct pcap_t
// contents should mirror the native struct
public struct bpf_program
// this should match the native version too
// Your P/Invoke can look like this now
public static extern int pcap_setfilter(ref pcap_t p, ref bpf_program fp);
Though not everything can be rewritten 'nicely' like this. It depends on the method signature you're trying to wrap. Also if you write the code like this, you *cannot* store the pointer in native code. If you want to store a copy of the data in native code, you'll have to use the IntPtr method like you originally did.
NOTE: My code snippets are just snippets. They demonstrate an idea which can be adapted by you to solve your problem. They are not 100% complete and fully functional solutions equipped with error handling.
The reason I put ref before the parameters is because otherwise I get an AccessViolationException.
I managed to get rid of the SEHException by changing the method declaration as
public static extern int pcap_setfilter(IntPtr p,ref IntPtr fp);
If I remove the ref for both, I get AccessViolation and when I put for both I get the SEH one.
The problem I now have is that the packets are not getting filtered. Nothing is getting captured.
However, when I give an empty string at the place of the filtering string, the program captures all the packets.
Any thoughts on what could be the problem?
Last edited by padfoot; February 14th, 2009 at 10:19 AM.