Date: Thu, 21 May 1998 01:24:49 -0700 (PDT) From: Rusty Eddy <eddy@kit.isi.edu> To: lc001@yahoo.com (C L) Cc: freebsd-net@FreeBSD.ORG Subject: Re: Questions about Packet Filter Message-ID: <199805210824.BAA10316@kit.isi.edu> In-Reply-To: <19980520191245.16963.rocketmail@send1e.yahoomail.com> from C L at "May 20, 98 12:12:45 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Very appreciated if anybody can answer the questions: > > 1. Does BPF support the monitoring of out going packages? how? I know > it can monitor the receiving packages and directly write a new package > into the specified network interface. How about the packages written > by other network or transport protocols? > bpf hangs in/near the device driver allowing packets to be matched and potientially gathered in the device input output routines. the network protocol on up doesn't matter provided it's not filtered out. > 2. Solaris seems having a similar soft-driver called "Network > Interface Tap". Anybody use that before? Can it monitoring both > incoming and outgoing packages? > aka /dev/nit, it cannot read outgoing packets. it has to do with the streams drivers not permitting it, see the BPF paper by Van Jacobson for more details on why. i beleive modern day solaris's know use DLPI, but i have no experience within. > 4. How about in HP-UX, Linux, and AIX? > > I may need to port my code to these OSs. > use libpcap. Linux uses BPF also, btw. > Thanks, > Carl > > - rusty To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805210824.BAA10316>