Re: Questions about Packet Filter

Rogier Wolff (
Thu, 21 May 1998 10:10:20 +0200 (MET DST)

Alan Cox wrote:
> > Are the BPF devices capable of "intercept" packages passing through
> > them?
> There are no BPF 'devices'. 2.1.x allows BPF filters on arbitary sockets
> BPF does not write packets just test them.
> > I mean is it possible that after it intercepts the outgoing package it
> > can modify the package contents(e.g. destination port) and inject into
> > NIC? Or, modify the package contents when intercept the incoming
> > packages and poll them back to the higher level protocols or
> > applications?
> Not trivially.

But wouldn't you be able to make your application feed the packet that
filtered through the BPF back to the kernel, modified as needed?

There is a kernel/userland network packet interface that I've never
looked into. If worse comes to worse, you'll have to open a pty, and
shove the packet, ppp encapsulated onto that....


If it's there and you can see it, it's REAL      |  |
If it's there and you can't see it, it's TRANSPARENT |  Tel: +31-15-2137555  |
If it's not there and you can see it, it's VIRTUAL   |__FAX:_+31-15-2138217  |
If it's not there and you can't see it, it's GONE! -- Roy Wilks, 1983  |_____|

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to