I have installed tcpdump on Linux. I found the following in the README of
the libpcap directory used by the tcpdump -
"Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially, for selective filters)."
Does BPF interface here means only /dev/bpfXXX?
Does this mean that libpcap in Linux does not perform "in-kernel" filtering?
Can someone tell me how Linux performs the packet filtering.
Thanks in advance,