O'Reilly logo

TCP/IP Illustrated by W. Richard Stevens, Gary R. Wright

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 31. BPF: BSD Packet Filter

Introduction

The BSD Packet Filter (BPF) is a software device that “taps” network interfaces. A process accesses a BPF device by opening /dev/bpf0, /dev/bpf1, and so on. Each BPF device can be opened only by one process at a time.

Since each BPF device allocates 8192 bytes of buffer space, the system administrator typically limits the number of BPF devices. If open returns EBUSY, the device is in use, and a process tries the next device until the open succeeds.

The device is configured with several ioctl commands that associate the device with a network interface and install filters to receive incoming packets selectively. Packets are received by reading from the device, and packets are queued on the network interface ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required