Berkeley Packet Filter - Wikipedia
The Berkeley Packet Filter (BPF; also BSD Packet Filter, classic BPF or cBPF) is a network tap and packet filter which permits computer network packets to be captured and filtered at the …
Linux Socket Filtering aka Berkeley Packet Filter (BPF)
Linux Socket Filtering (LSF) is derived from the Berkeley Packet Filter. Though there are some distinct differences between the BSD and Linux Kernel filtering, but when we speak of BPF or …
Berkeley packet filters - IBM
Berkeley Packet Filters (BPF) provide a powerful tool for intrusion detection analysis. Use BPF filtering to quickly reduce large packet captures to a reduced set of results by filtering based on …
bpf (2) - Linux manual page - man7.org
Extended BPF (or eBPF) is similar to the original ("classic") BPF (cBPF) used to filter network packets.
BPF in Linux Explained: How Berkeley Packet Filter and eBPF Work
Apr 14, 2025 · What are BPF and eBPF? BPF or Berkley Packet Filter is a virtual machine inside the OS kernel, which allows you to load arbitrary code into it. The algorithm of this solution is …
bpf (4) - NetBSD Manual Pages
Sep 8, 2025 · The Berkeley Packet Filter provides a raw interface to data link layers. in a protocol independent fashion. All packets on the network, even. those destined for other hosts, are …
Linux Extended BPF (eBPF) Tracing Tools - Brendan Gregg
The BPF program has two ways to pass measured data back to user space: either per-event details, or via a BPF map. BPF maps can implement arrays, associative arrays, and …