Linux Socket Filter

LSF (Linux Socket Filter) is based on BPF. The differences between the two are reasonably irrelevant, the main one being that LSF can be used by an unprivileged user, whereas BPF requires root privileges to use.

It's been in the kernel since probably 2.1.x or so. A long time ago, anyway :P Make sure that it is compiled into your kernel; it is a separate config option in the networking section.

While on the subject of kernels, my personal opinion is that a software project that doesn't expose bugs in other software isn't worth writing. Accordingly, here is a patch for Linux kernels below version 2.3.15 that you'll want to apply if you want to reference anything before the transport header.

Using an LSF program is rather simple. Load the program into a buffer somewhere, open a socket, and say


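#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <net/bpf.h>

struct bpf_program bp;

/* filebuffer holds the raw filter program, filelength is its size in bytes */
bp.bf_len = filelength / sizeof(struct bpf_insn);   /* length in instructions */
bp.bf_insns = (struct bpf_insn *)filebuffer;
/* the kernel checks the program and rejects a malformed one */
if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &bp, sizeof(bp)) < 0)
	perror("SO_ATTACH_FILTER");

Simple, no? The include file net/bpf.h can be found in libpcap. Look for it in your distribution.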
Mikolaj J. Habryn
Last modified: Fri Sep 10 11:20:16 WST 1999