Talk:Berkeley Packet Filter
|WikiProject Computing / Software||(Rated Stub-class)|
Importance of BPF
There are really two parts. One is the packet capture mechanism, which is supported by most BSD-derived Unix operating systems, as well as a few other Unix variants (AIX, SunOS (as a patch), maybe OSF/1). Much more significant is the BPF packet filtering virtual machine; largely compatible versions are implemented in many different operating systems, including Linux and even Windows (in several different driver implementations). Derivative versions of it are implemented in other operating systems (Solaris) and I think, even some hardware products, like specialized network monitoring NICs. Finally, the libpcap portable packet capture library includes a user-level filtering implementation of BPF, so that it can be used even on systems where the OS and drivers do not support it natively or are not present (Solaris, HP-UX, Windows, and others).
Because of this prevalence, BPF has become somewhat of a common denominator for network traffic filtering; just as the x86 instruction set is for PCs, the BPF filter instruction set is the de facto standard for network monitoring and management applications. Just as most PC applications are written in high-level languages that are compiled into x86 instructions, most network traffic filters are written in the more human-readable filter expressions implemented in libpcap (notably in the ubiquitous tcpdump program) and compiled into BPF instructions.
@alex 02:22, 14 September 2006 (UTC)