I found the following in the README of the libpcap directory used by the
"Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially, for selective filters)."
Does the BPF interface here mean only /dev/bpfXXX?
Does this mean that libpcap on systems which do not have /dev/bpfXXX
does not perform "in-kernel" filtering?
In short, can someone tell me how packet filtering works on other systems?
Thanks in advance,
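
What "evaluated in the libpcap library" in the quoted README amounts to, as an added example that is not part of the original post and is not libpcap's own code: a minimal user-space interpreter for a few classic BPF opcodes, applied to packets that have already been copied out of the kernel. The opcode values are the standard classic BPF encodings; the name `run_filter`, the filter program and the packets are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Classic BPF instruction: opcode, jump-if-true, jump-if-false, constant. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_W_ABS = 0x20, LD_H_ABS = 0x28, LD_B_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Run the filter over one packet in user space. Returns the number of
 * bytes to keep (0 = drop). Out-of-bounds loads and unknown opcodes drop. */
uint32_t run_filter(const struct insn *pc, size_t n, const uint8_t *p, size_t len)
{
    uint32_t A = 0;                         /* accumulator */
    for (size_t i = 0; i < n; i++) {
        uint32_t k = pc[i].k;
        switch (pc[i].code) {
        case LD_B_ABS: if (k >= len) return 0; A = p[k]; break;
        case LD_H_ABS: if (len < 2 || k > len - 2) return 0;
                       A = (uint32_t)p[k] << 8 | p[k + 1]; break;
        case LD_W_ABS: if (len < 4 || k > len - 4) return 0;
                       A = (uint32_t)p[k] << 24 | (uint32_t)p[k + 1] << 16 |
                           (uint32_t)p[k + 2] << 8 | p[k + 3]; break;
        case JEQ_K:    i += (A == k) ? pc[i].jt : pc[i].jf; break; /* relative to next insn */
        case RET_K:    return k;
        default:       return 0;
        }
    }
    return 0;
}

/* Constructed filter: accept IPv4 UDP on Ethernet, drop everything else. */
static const struct insn prog[6] = {
    { LD_H_ABS, 0, 0, 12 },      /* A = EtherType                 */
    { JEQ_K,    0, 3, 0x0800 },  /* not IPv4 -> insn 5            */
    { LD_B_ABS, 0, 0, 23 },      /* A = IPv4 protocol field       */
    { JEQ_K,    0, 1, 0x11 },    /* not UDP  -> insn 5            */
    { RET_K,    0, 0, 262144 },  /* accept, keep up to 262144 B   */
    { RET_K,    0, 0, 0 },       /* drop                          */
};
/* Constructed packets: only the fields the filter reads are set. */
static const uint8_t udp_pkt[34] = { [12] = 0x08, [14] = 0x45, [23] = 0x11 };
static const uint8_t tcp_pkt[34] = { [12] = 0x08, [14] = 0x45, [23] = 0x06 };
static const uint8_t runt[14]    = { [12] = 0x08 };  /* truncated: no IP header */

int main(void)
{
    printf("udp=%u tcp=%u runt=%u\n", run_filter(prog, 6, udp_pkt, sizeof udp_pkt),
           run_filter(prog, 6, tcp_pkt, sizeof tcp_pkt), run_filter(prog, 6, runt, sizeof runt));
    return 0;
}
```

Every packet, matching or not, reaches `run_filter` only after the copy to user space, which is the overhead the README attributes to selective filters.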