On Thu, Nov 29, 2001 at 05:20:20PM +0900, ��ȫ�� wrote:
> I'v known that libpcap and tcpdump implementation on SunOS 5.x is done in user level.
> So I want to apply BPF to SunOS 5.x to improve performance.
> Is there some way to do that?
There is, in theory, a way to do that.
> If exists, ... let me know the way to do that.
The way to do that is to write a STREAMS module for the SunOS 5.x kernel
- call it "bpfmod", for example - which acts similarly to the "pfmod"
STREAMS module but, instead of using CMU/Stanford stack-machine code for
the filter, uses the BPF engine (from "bpf_filter.c") for the filter.
Then configure your machine to load that kernel module, and modify
libpcap to
attempt to push "bpfmod" onto the stream before pushing "bufmod"
onto the stream;
if that attempt succeeds, store a flag in the "pcap_t" structure
indicating that "bpfmod" has been pushed onto the stream;
in "pcap_setfilter()", if the "bpfmod" flag is set in the
"pcap_t" structure, do an ioctl (which the "bpfmod" STREAMS
module will have to support) to hand the filter to the kernel;
in "pcap_read()", if the "bpfmod" flag is set in the "pcap_t"
structure, don't bother calling "bpf_filter()", just handle
every packet that arrives.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
