Subject: Re: Documentation on BPFs?
To: None <simons@petium.rhein.DE>
From: Martin Cracauer <cracauer@wavehh.hanse.de>
List: tech-kern
Date: 01/13/1997 15:53:51
simons@petium.rhein.DE (Peter Simons) wrote:
>Can anyone point me to a good documentation of the Berkeley Packet
>Filters? Reading other people's source is not a strength of mine,
>that's why I am looking for a book, web page or any other document
>that describes how to program them in detail.
You could also consider using libpcap instead, which is a layer above
bpf that also has a backend for SVR4 (non-bpf) packet
filters. ftp://ftp.ee.lbl.gov/libpcap-*.tar.Z
Not that I argue it is better than BPF, just dit should be considered
for portable programs. Newer tcpdump (3.x) use it insstead of bpf.
BTW, I found the manpage of BPF almost sufficient, this the exception
that an example with a proper read loop over the filter device is
missing.
Martin
--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin_Cracauer@wavehh.hanse.de http://cracauer.cons.org Fax.: +4940 5228536
"As far as I'm concerned, if something is so complicated that you can't ex-
plain it in 10 seconds, then it's probably not worth knowing anyway"- Calvin