The BSD Packet Filter: A New Architecture for User-level Packet Capture
暂无分享,去创建一个
Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be minimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed around a stack-based filter evaluator that performs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, register-based filter evaluator that is up to 20 times faster than the original design. BPF alson uses a straighforward buffering strategy that makes its overall performance up to 100 times faster than Sun's NIT running on the same hardware.
[1] T. J. Bergendahl,et al. DIGITAL EQUIPMENT CORPORATION. , 1968, Analytical chemistry.
[2] Ralph E. Griswold,et al. The Icon programming language , 1983 .
[3] Jeffrey C. Mogul,et al. The packer filter: an efficient mechanism for user-level network code , 1987, SOSP '87.
[4] Robert Braden. A pseudo-machine for packet monitoring and statistics , 1988, SIGCOMM.
[5] Jeffrey C. Mogul,et al. Efficient use of workstations for passive monitoring of local area networks , 1990, SIGCOMM '90.