Chapter 31. BPF: BSD Packet Filter
The BSD Packet Filter (BPF) is a software device that “taps” network interfaces. A process accesses a BPF device by opening
/dev/bpf0, /dev/bpf1, and so on. Each BPF device can be opened only by one process at a time.
Since each BPF device allocates 8192 bytes of buffer space, the system administrator typically limits the number of BPF devices. If
EBUSY, the device is in use, and a process tries the next device until the
The device is configured with several
ioctl commands that associate the device with a network interface and install filters to receive incoming packets selectively. Packets are received by reading from the device, and packets are queued on the network interface ...