| The evolution of Unix was heavily impacted by BSD system, BSD system can be called traditional and authentic Unix, this can be seen in the BSD history.Unix has become synonymous with high quality networking, and many Unix systems' TCP/IP modules adopted BSD's TCP/IP source code as their start point. There are mainly three open source BSD systems: FreeBSD, NetBSD, OpenBSD, their licenses are looser than GPL, which is used by GNU/Linux.BSD Packet Filter (BPF) lies in the kernel of BSD Unix, it is independent of the TCP/IP stack, and gives user mode processes a raw interface to access data link layer, it has been widely used in network monitors and other softwares, such as tcpdump. The filter in BPF was implemented by a pseudo machine, which consists of an accumulator, an index register, a scratch memory store, and an implicit program counter. BPF can be directly programmed via ioctl system call and the pseudo machine instruction set, it can also be programmed by using libpcap function library, which can access many kinds of packet capture facilities provided by OSes(BPF is the important one in them).There are several problems in BPF yet, one is: a BPF file that does not request promiscuous mode may receive promiscuously received packets as a side effect of another file requesting this mode on the same hardware interface. Though the problem can be remedied by all BPF files assuming that the interface has been set into promiscuous mode and utilizing a filter to reject foreign packets, this has not thoroughly solved the problem and will trouble programmers to add many special instructions. This paper includes a solution to this BPF's problem, and the solution has been implemented on FreeBSD 4.7, as a result, it also makes BPF provide a better interface to application program. |
PDF Full Text Request