From owner-freebsd-hackers  Wed Aug 13 12:40:33 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA23325
          for hackers-outgoing; Wed, 13 Aug 1997 12:40:33 -0700 (PDT)
Received: from shell.firehouse.net (brian@shell.firehouse.net [209.42.203.45])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA23315
          for <freebsd-hackers@FreeBSD.ORG>; Wed, 13 Aug 1997 12:40:23 -0700 (PDT)
Received: from localhost (brian@localhost)
	by shell.firehouse.net (8.8.5/8.8.5) with SMTP id PAA04252;
	Wed, 13 Aug 1997 15:38:47 -0400 (EDT)
Date: Wed, 13 Aug 1997 15:38:42 -0400 (EDT)
From: Brian Mitchell <brian@firehouse.net>
To: Adrian Chadd <adrian@obiwan.psinet.net.au>
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Information on using the BPF?
In-Reply-To: <Pine.BSF.3.95q.970813194620.6987A-100000@obiwan.psinet.net.au>
Message-ID: <Pine.BSI.3.95.970813153736.4229C-100000@shell.firehouse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 13 Aug 1997, Adrian Chadd wrote:

> Hi.
> 
> I'm going to be using the bpf for an upcoming project, and save reading
> tcpdump source, is there a good source of information on how to program
> it? (I'd rather talk directly to it rather than via a library or some
> other front end, this thing needs to run rather quickly ;)

the bpf man page is really really really detailed, and an excellent source
of information. I don't imagine you will need anything more.

btw, tcpdump source wont help you at all, it uses libpcap :). libpcap
source, on the other hand, may be of considerable use. For what it's
worth, i'd probably use libpcap instead.

> 
> Thanks,
> 
> -- 
> Adrian Chadd			| "Unix doesn't stop you from doing
> <adrian@psinet.net.au>		|   stupid things because that would 
> 				|    stop you from doing clever things"
> 
> 
>