Talk:Berkeley Packet Filter

From Wikipedia, the free encyclopedia

Importance of BPF

There are really two parts. One is the packet capture mechanism, which is supported by most BSD-derived Unix operating systems, as well as a few other Unix variants (AIX, SunOS (as a patch), maybe OSF/1). Much more significant is the BPF packet filtering virtual machine; largely compatible versions are implemented in many different operating systems, including Linux and even Windows (in several different driver implementations). Derivative versions of it are implemented in other operating systems (Solaris) and, I think, even some hardware products, like specialized network monitoring NICs. Finally, the libpcap portable packet capture library includes a user-level filtering implementation of BPF, so that it can be used even on systems where the OS and drivers do not support it natively or are not present (Solaris, HP-UX, Windows, and others).

Because of this prevalence, BPF has become somewhat of a common denominator for network traffic filtering; just as the x86 instruction set is for PCs, the BPF filter instruction set is the de facto standard for network monitoring and management applications. Just as most PC applications are written in high-level languages that are compiled into x86 instructions, most network traffic filters are written in the more human-readable filter expressions implemented in libpcap (notably in the ubiquitous tcpdump program) and compiled into BPF instructions.

@alex 02:22, 14 September 2006 (UTC)


Could somebody indicate what they consider to be out-of-date in the article? Guy Harris (talk) 18:37, 24 August 2012 (UTC)