$OpenBSD: README,v 1.7 2014/04/11 04:08:58 lteo Exp $
$NetBSD: README,v 1.2 1995/03/06 11:38:07 mycroft Exp $

LIBPCAP 0.5
Now maintained by "The Tcpdump Group"
Send patches to patches@tcpdump.org
See www.tcpdump.org

formerly from Lawrence Berkeley National Laboratory
 Network Research Group <libpcap@ee.lbl.gov>
 ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture. libpcap provides a portable
framework for low-level network monitoring. Applications include
network statistics collection, security monitoring, network debugging,
etc. Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease in porting and to alleviate the need for several
system-dependent packet capture modules in each application.

Note well: this interface is new and is likely to change.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter. BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''. A compressed postscript version is in:

 ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z.

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially, for selective filters). Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/386, NetBSD, and FreeBSD. DEC OSF/1
uses the packetfilter interface but has been extended to accept BPF
filters (which libpcap utilizes). Also, you can add BPF filter support
to Ultrix using the kernel source and/or object patches available in:

 ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z.

Problems, bugs, questions, desirable enhancements, source code
contributions, etc., should be sent to the email address
"patches@tcpdump.org".