bpf - Berkeley Packet Filter
The bpfattach() function attaches a network interface to bpf. The ifp argument is a pointer to the structure that defines the interface to be attached. The dlt argument is the data link-layer type: DLT_NULL (no link-layer encapsulation), DLT_EN10MB (Ethernet), DLT_IEEE802_11 (802.11 wireless networks), etc. The rest of the link-layer types can be found in <net/bpf.h>. The hdrlen argument is the fixed size of the link header; variable length headers are not yet supported. The bpf system will hold a pointer to ifp->if_bpf. This variable will be set to a non-NULL value when bpf requires packets from this interface to be tapped using the functions below.

The bpfattach2() function allows multiple bpf instances to be attached to a single interface, by registering an explicit if_bpf rather than using ifp->if_bpf. It is then possible to run tcpdump(1) on the interface for any data link-layer types attached.

The bpfdetach() function detaches a bpf instance from an interface, specified by ifp. The bpfdetach() function should be called once for each bpf instance attached.

The bpf_tap() function is used by an interface to pass the packet to bpf. The packet data (including link-header), pointed to by pkt, is of length pktlen, which must be a contiguous buffer. The ifp argument is a pointer to the structure that defines the interface to be tapped. The packet is parsed by each process's filter, and if accepted, it is buffered for the process to read.

The bpf_mtap() function is like bpf_tap() except that it is used to tap packets that are in an mbuf chain, m. The ifp argument is a pointer to the structure that defines the interface to be tapped. Like bpf_tap(), bpf_mtap() requires a link-header for whatever data link-layer type is specified. Note that bpf only reads from the mbuf chain; it does not free it or keep a pointer to it. This means that an mbuf containing the link-header can be prepended to the chain if necessary. A cleaner interface to achieve this is provided by bpf_mtap2().

The bpf_mtap2() function allows the user to pass a link-header data, of length dlen, independent of the mbuf m, containing the packet. This simplifies the passing of some link-headers.

The bpf_filter() function executes the filter program starting at pc on the packet pkt. The wirelen argument is the length of the original packet and buflen is the amount of data present. The buflen value of 0 is special; it indicates that the pkt is actually a pointer to an mbuf chain (struct mbuf *).

The bpf_validate() function checks that the filter code fcode, of length flen, is valid. The bpf_validate() function returns 0 when the program is not a valid filter program.
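
Why a filter program is validated before it is run, and why the interpreter must bound every load by buflen rather than wirelen, shown in user space. This is an added example, not the kernel's code and not part of the original page: it implements a constructed three-opcode subset of classic BPF for contiguous buffers only, and the names struct insn, mini_validate, mini_filter, the MAXINSNS cap and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed subset of classic BPF; names are hypothetical, not net/bpf.h. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LD_H_ABS = 0x28, JEQ_K = 0x15, RET_K = 0x06, MAXINSNS = 512 /* assumed cap */ };

/* Like bpf_validate() above: returns 0 when the program is not valid. */
int mini_validate(const struct insn *f, size_t flen) {
    if (f == NULL || flen == 0 || flen > MAXINSNS)
        return 0;
    for (size_t i = 0; i < flen; i++) {
        if (f[i].code == JEQ_K) {      /* both jump targets must stay inside */
            if (i + 1 + f[i].jt >= flen || i + 1 + f[i].jf >= flen)
                return 0;
        } else if (f[i].code != LD_H_ABS && f[i].code != RET_K) {
            return 0;                  /* opcode outside the subset */
        }
    }
    return f[flen - 1].code == RET_K;  /* execution cannot fall off the end */
}

/* Runs an already validated program: returns bytes to capture, 0 to reject. */
uint32_t mini_filter(const struct insn *pc, const uint8_t *pkt,
                     uint32_t wirelen, uint32_t buflen) {
    uint32_t A = 0;
    (void)wirelen;                     /* on-wire length; only buflen bytes exist */
    for (;; pc++) {
        switch (pc->code) {
        case LD_H_ABS:                 /* 16-bit big-endian load at offset k */
            if (pc->k > buflen || buflen - pc->k < 2)
                return 0;              /* would read past captured data */
            A = ((uint32_t)pkt[pc->k] << 8) | pkt[pc->k + 1];
            break;
        case JEQ_K:
            pc += (A == pc->k) ? pc->jt : pc->jf;
            break;
        default:                       /* RET_K once validated */
            return pc->code == RET_K ? pc->k : 0;
        }
    }
}

/* Constructed sample: accept frames whose EtherType (offset 12) is 0x0800. */
const struct insn ipv4_only[] = {
    { LD_H_ABS, 0, 0, 12 }, { JEQ_K, 0, 1, 0x0800 },
    { RET_K, 0, 0, 262144 }, { RET_K, 0, 0, 0 } };
const uint8_t ipv4_frame[14] = { [12] = 0x08, [13] = 0x00 };
const uint8_t arp_frame[14]  = { [12] = 0x08, [13] = 0x06 };
int main(void) { return !mini_validate(ipv4_only, 4); }
```

Truncating the sample program to three instructions leaves a jump target outside the program, which is the kind of input the validator exists to refuse before the interpreter ever sees it.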