*BSD News Article 93925


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!gatech!ennfs.eas.asu.edu!noao!rstevens
From: rstevens@noao.edu (W. Richard Stevens)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.protocols.tcp-ip
Subject: Re: Q: Raw sockets to buypass tcp/udp?
Date: 19 Apr 1997 12:58:02 GMT
Organization: National Optical Astronomy Observatories, Tucson, AZ, USA
Lines: 8
Message-ID: <5jafgq$o0v@noao.edu>
References: <33551811.6113@snads.lkg.dec.com> <5j7vc3$1es$1@sol.ctr.columbia.edu>
NNTP-Posting-Host: gemini.tuc.noao.edu
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39348 comp.protocols.tcp-ip:53144


> The only problem with BPF is that programming it can be tricky;

That's *exactly* why you should be using libpcap--it lets you program
BPF (or whatever) using the same high-level commands as you can give
to tcpdump on the command line.  Then call pcap_compile() and it
compiles it into BPF's internal language.

	Rich Stevens