The Berkeley Packet Filter (BPF; also BSD Packet Filter, classic BPF or cBPF) is a network tap and packet filter which permits computer network packets to be captured and filtered at the operating system level. It provides a raw interface to data link layers, permitting raw link-layer packets to be sent and received, and allows a userspace process to supply a filter program that specifies which pack. Raw data-link interfaceBPF provides that can be bound to a network interface; reads from the device will read buffers full of packets received on the network interface, and writes to the device will inject packets on the networ. BPF's filtering capabilities are implemented as an interpreter for a for the BPF, a 32-bit machine with fixed-length instructions, one, and one. Programs i. Some projects use BPF instruction sets or execution techniques different from the originals. Some platforms, including,, and, use a (JIT).
[PDF Version]