Berkeley Packet Filter - Wikipedia
The Berkeley Packet Filter (BPF; also BSD Packet Filter, classic BPF or cBPF) is a network tap and packet filter which permits computer network packets to be captured and filtered at the …
BPF Documentation — The Linux Kernel documentation
This directory contains documentation for the BPF (Berkeley Packet Filter) facility, with a focus on the extended BPF version (eBPF). This kernel side documentation is still work in progress.
bpf (2) - Linux manual page - man7.org
Extended BPF (or eBPF) is similar to the original ("classic") BPF (cBPF) used to filter network packets.
BPF in Linux Explained: How Berkeley Packet Filter and eBPF Work
Apr 14, 2025 · What are BPF and eBPF? BPF or Berkley Packet Filter is a virtual machine inside the OS kernel, which allows you to load arbitrary code into it. The algorithm of this solution is …
Berkeley packet filters - IBM
Berkeley Packet Filters (BPF) provide a powerful tool for intrusion detection analysis. Use BPF filtering to quickly reduce large packet captures to a reduced set of results by filtering based on …
bpf (4) - NetBSD Manual Pages
Sep 8, 2025 · The Berkeley Packet Filter provides a raw interface to data link layers. in a protocol independent fashion. All packets on the network, even. those destined for other hosts, are …
BPF | Berkeley Packet Filter explained - IONOS
Jun 5, 2020 · The Berkeley Packet Filter (BPF) or Berkeley Filter is relevant for all Unix-like operating systems, such as Linux. The main task of the special-purpose virtual machine, …