Berkeley Packet Filter - /dev/bpf Question - The FreeBSD Forums
#1
December 8th, 2011, 22:16
bnyec

Hello,

I have done some searching and I can't for the life of me remember/find this info. Running a FreeBSD 8.x system and I see that /dev/bpf0 is symlinked to /dev/bpf.

Code:
#ls -al /dev/bpf*
crw-r-----  1 root  wheel    0,  13 Dec  8 13:51 /dev/bpf
lrwxr-xr-x  1 root  wheel         3 Dec  8 13:51 /dev/bpf0 -> bpf
#
On an older system running FreeBSD 7.x I see /dev/bpf[0-9].

Code:
# ls -al /dev/bpf*
crw-------  1 root  wheel    0, 110 May 17  2010 /dev/bpf0
crw-------  1 root  wheel    0, 111 May 17  2010 /dev/bpf1
crw-------  1 root  wheel    0, 119 Dec  7 16:59 /dev/bpf2
crw-------  1 root  wheel    0, 108 Dec  7 16:57 /dev/bpf3
crw-------  1 root  wheel    0, 121 May 17  2010 /dev/bpf4
#
Why the change? Is /dev/bpf[0-9] no longer required?

Thanks for the info.

#2
December 9th, 2011, 23:06
bnyec

Ok, after further searching, I think I found the answer. Please correct me if I'm wrong.
It is now a "cloning device"?

Quote:
Berkeley Packet Filter

The Berkeley Packet Filter (BPF) (sys/net/bpf.c) provides link layer access to data available on the network through interfaces attached to the system. BPF is used by opening a device node, /dev/bpf and issuing ioctl's to control the operation of the device. A popular example of a tool using BPF is tcpdump.

The device /dev/bpf is a cloning device, meaning it can be opened multiple times. It is in principle similar to a cloning interface, except BPF provides no network interface, only a method to open the same device multiple times.

To capture network traffic, a BPF device must be attached to an interface. The traffic on this interface is then passed to BPF for evaluation. For attaching an interface to an open BPF device, the ioctl BIOCSETIF is used. The interface is identified by passing a struct ifreq, which contains the interface name in ASCII encoding. This is used to find the interface from the kernel tables. BPF registers itself to the interfaces struct ifnet field if_bpf to inform the system that it is interested about traffic on this particular interface. The listener can also pass a set of filtering rules to capture only certain packets, for example ones matching a given host and port combination.
