Sciweavers

USENIX
1993

The BSD Packet Filter: A New Architecture for User-level Packet Capture

14 years 1 months ago
The BSD Packet Filter: A New Architecture for User-level Packet Capture
Manyversions of Unix provide facilities for user-levelpacket capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, registerbased filter evaluator that is up to 20 times faster than the original design. BPF also uses a straightforward buffering strategy that makes its overall performance up to 100 times faster than Sun’s NIT running on the same hardware.
Steven McCanne, Van Jacobson
Added 02 Nov 2010
Updated 02 Nov 2010
Type Conference
Year 1993
Where USENIX
Authors Steven McCanne, Van Jacobson
Comments (0)