请问Libpcap和BPF是什么关系？

Illidan

我去www.tcpdump.org和其它一些� ... �也没理明白。

有这样一段话：
The Berkeley Packet Filter provides a raw interface to data link layers in a protocol independent fashion.

BPF是不是内核中的一些函数？

tethereal的过滤规则，如
host 192.168.199.186 and not broadcast and not arp and and udp and port 5060
是不是调用了BPF的API来实现的呢？

:thank

rickxbx

The Berkeley Packet Filter is a mechanism built into the BSD kernel to capture packets passing through its network interfaces.
from： http://www.knossos.net.nz/ipacc/ipacc15.html


The Packet Capture Library (libpcap) provides an alternative to the Berkeley Packet Filter for systems that do not support BPF directly. Note that on BSD systems, libpcap simply provides an interface to BPF. libpcap was developed as part of the tcpdump tool, used on many systems for network troubleshooting.
from： http://www.knossos.net.nz/ipacc/ipacc16.html