// check ip header if (ntohs(eh->ether_type) == ETHERTYPE_IP && el > sizeof(*eh)) { int il = el - sizeof(*eh); const struct iphdr *ih = (const struct iphdr *)(eh + 1);
// check tcp header if (ih->version == 4 && ih->protocol == 6 && il > ih->ihl * 4) { const struct tcphdr *th = (const struct tcphdr *)((const u_char *)ih + ih->ihl * 4); int tl = ntohs(ih->tot_len) - ih->ihl * 4; // length of tcp packet int dl = tl - th->doff * 4; // data length of tcp packet char flags[64], *pflags;