tcpdump, libpcap

Post by Vijayant Palai » Mon, 24 Apr 1995 04:00:00



Hi,

I have installed tcpdump on Linux. I found the following in the README of
the libpcap directory used by the tcpdump -

"Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially, for selective filters)."

Does the BPF interface here mean only /dev/bpfXXX?

Does this mean that libpcap in Linux does not perform "in-kernel" filtering?

Can someone tell me how Linux performs the packet filtering?

Thanks in advance,

Vijayant Palaiya

 
 
 

tcpdump, libpcap

Post by Fons Botm » Tue, 25 Apr 1995 04:00:00


: Hi,
: I have installed tcpdump on Linux. I found the following in the README of
: the libpcap directory used by the tcpdump -

: "Although most packet capture interfaces support in-kernel filtering,
: libpcap utilizes in-kernel filtering only for the BPF interface.
: On systems that don't have BPF, all packets are read into user-space
: and the BPF filters are evaluated in the libpcap library, incurring
: added overhead (especially, for selective filters)."

: Does the BPF interface here mean only /dev/bpfXXX?

: Does this mean that libpcap in Linux does not perform "in-kernel" filtering?
Yes, every packet on all interfaces, both incoming and outgoing, is sent to
userspace in libpcap.

: Can someone tell me how Linux performs the packet filtering?
Normally, in the kernel (not libpcap) each network layer checks its
protocol-id / socket-nr / ... mostly based on linked lists of registered
values.
If you do not use promiscuous mode, the hardware address is filtered by
the hardware. Dunno about multicast filtering.

: Thanks in advance,

: Vijayant Palaiya

Fons.

 
 
 
