From owner-freebsd-net  Thu May 21 01:23:01 1998
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA23817
          for freebsd-net-outgoing; Thu, 21 May 1998 01:23:01 -0700 (PDT)
          (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from kit.isi.edu (kit.isi.edu [128.9.160.207])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA23811
          for <freebsd-net@FreeBSD.ORG>; Thu, 21 May 1998 01:22:57 -0700 (PDT)
          (envelope-from eddy@kit.isi.edu)
Received: (from eddy@localhost)
	by kit.isi.edu (8.8.7/8.8.7) id BAA10316;
	Thu, 21 May 1998 01:24:49 -0700 (PDT)
	(envelope-from eddy)
From: Rusty Eddy <eddy@kit.isi.edu>
Message-Id: <199805210824.BAA10316@kit.isi.edu>
Subject: Re: Questions about Packet Filter
In-Reply-To: <19980520191245.16963.rocketmail@send1e.yahoomail.com> from C L at "May 20, 98 12:12:45 pm"
To: lc001@yahoo.com (C L)
Date: Thu, 21 May 1998 01:24:49 -0700 (PDT)
Cc: freebsd-net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Very appreciated if anybody can answer the questions:
> 
> 1. Does BPF support the monitoring of out going packages? how? I know
> it can monitor the receiving packages and directly write a new package
> into the specified network interface. How about the packages written
> by other network or transport protocols?
> 

bpf hangs in/near the device driver allowing packets to
be matched and potientially gathered in the device input output
routines.  the network protocol on up doesn't matter provided
it's not filtered out.


> 2. Solaris seems having a similar soft-driver called "Network
> Interface Tap". Anybody use that before? Can it monitoring both
> incoming and outgoing packages?
> 

aka /dev/nit, it cannot read outgoing packets.  it has
to do with the streams drivers not permitting it, see
the BPF paper by Van Jacobson for more details on why.

i beleive modern day solaris's know use DLPI, but i
have no experience within.
 
> 4. How about in HP-UX, Linux, and AIX?
> 
> I may need to port my code to these OSs.
> 

use libpcap. Linux uses BPF also, btw.

> Thanks,
> Carl
> 
> 
- rusty

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message