
Gigameter

macrumors newbie
Original poster
Mar 26, 2017
Hello,

I have a device that sends many multicast messages. Now I want to filter on my Mac about half of them. The packages I want to filter all have the same length (I think they don't have any content so it's only the header). I tried doing this with pf but I wasn't able to find an option for the length.

At the moment I only have
block in on en0 proto udp from 169.254.85.233 port 5004 to 239.255.42.42 port 5004

What I need is something like
block in on en0 proto udp from 169.254.85.233 port 5004 to 239.255.42.42 port 5004 length 0


If I log the messages with
/usr/sbin/tcpdump -lnettti en0 | /usr/bin/logger -t pf
the following appears in the console:

00:00:00.001022 00:70:c7:a5:55:e9 > 01:00:5e:7f:2a:2a, ethertype IPv4 (0x0800), length 60: 169.254.85.233.5004 > 239.255.42.42.5004: UDP, length 0

And this is a package I want to keep
00:00:00.000438 00:70:c7:a5:55:e9 > 01:00:5e:7f:2a:2a, ethertype IPv4 (0x0800), length 1358: 169.254.85.233.5004 > 239.255.42.42.5004: UDP, length 1316

So the only difference is really just the length?

I read that ipfw had the option iplen to filter packages by their size. But until now I haven't found any option for the length for pf.

Do you have any ideas?
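
As an added example (not part of the original post), this Python script parses `tcpdump -e` lines like the two quoted above, separates empty datagrams from payload-carrying ones per flow, and checks each frame length against the header sizes. It assumes untagged Ethernet and a 20-byte IPv4 header without options; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two tcpdump -e lines quoted in the post.
SAMPLE = """\
00:00:00.001022 00:70:c7:a5:55:e9 > 01:00:5e:7f:2a:2a, ethertype IPv4 (0x0800), length 60: 169.254.85.233.5004 > 239.255.42.42.5004: UDP, length 0
00:00:00.000438 00:70:c7:a5:55:e9 > 01:00:5e:7f:2a:2a, ethertype IPv4 (0x0800), length 1358: 169.254.85.233.5004 > 239.255.42.42.5004: UDP, length 1316
"""

LINE_RE = re.compile(
    r"ethertype IPv4 \(0x0800\), length (?P<frame>\d+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP, length (?P<udp>\d+)"
)

# Assumptions: no VLAN tag, no IPv4 options.
ETH_HDR, IP_HDR, UDP_HDR = 14, 20, 8
MIN_FRAME = 60  # Ethernet minimum frame size as captured (without the FCS)

def parse(line):
    """Return a record for one tcpdump -e UDP line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    frame_len, udp_len = int(m["frame"]), int(m["udp"])
    unpadded = ETH_HDR + IP_HDR + UDP_HDR + udp_len
    return {
        "flow": (m["src"], int(m["sport"]), m["dst"], int(m["dport"])),
        "frame_len": frame_len,
        "udp_len": udp_len,                      # UDP payload bytes
        "padded": frame_len > unpadded,          # short frame padded to minimum
        "consistent": frame_len == max(MIN_FRAME, unpadded),
        "empty": udp_len == 0,
    }

def summarize(text):
    """Count empty and payload-carrying datagrams per (flow, kind)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            counts[(rec["flow"], "empty" if rec["empty"] else "payload")] += 1
    return counts

if __name__ == "__main__":
    for (flow, kind), n in sorted(summarize(SAMPLE).items()):
        print(flow, kind, n)
```

The 60-byte frame is 42 bytes of headers padded to the Ethernet minimum, so the UDP length, not the frame length, is the value that separates the two kinds of packet.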
 