1@(#) $Header: /tcpdump/master/libpcap/README,v 1.34 2008-12-14 19:44:14 guy Exp $ (LBL) 2 3LIBPCAP 1.x.y 4 5www.tcpdump.org 6 7Please send inquiries/comments/reports to: 8 tcpdump-workers@lists.tcpdump.org --- 49 unchanged lines hidden (view full) --- 58Although most packet capture interfaces support in-kernel filtering, 59libpcap utilizes in-kernel filtering only for the BPF interface. 60On systems that don't have BPF, all packets are read into user-space 61and the BPF filters are evaluated in the libpcap library, incurring 62added overhead (especially, for selective filters). Ideally, libpcap 63would translate BPF filters into a filter program that is compatible 64with the underlying kernel subsystem, but this is not yet implemented. 65 |
66BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly 67BSD, and Mac OS X; an older, modified and undocumented version is 68standard in AIX. {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the 69packetfilter interface but has been extended to accept BPF filters 70(which libpcap utilizes). Also, you can add BPF filter support to 71Ultrix using the kernel source and/or object patches available in: |
72 |
73 http://www.tcpdump.org/other/bpfext42.tar.Z |
74 75Linux, in the 2.2 kernel and later kernels, has a "Socket Filter" 76mechanism that accepts BPF filters; see the README.linux file for 77information on configuring that option. 78 79Note to Linux distributions and *BSD systems that include libpcap: 80 81There's now a rule to make a shared library, which should work on Linux --- 24 unchanged lines hidden --- |