Linux's packet mmap(2), BPF, and the Netsniff-NG toolkit

Submitted by ahf on Thu, 03/07/2013 - 22:33

This talk will cover internals of the PF_PACKET socket in the Linux kernel, in particular the packet mmap() mechanism ("zero-copy") that is used to improve packet capturing and transmission performance from user space. In addition, the Berkeley Packet Filter will be partially covered, including its built-in kernel space "virtual machine" and just-in-time compiler. As an application on top of that, the netsniff-ng toolkit will be presented, which can be used to facilitate a network developer's daily kernel plumbing, but also the daily work of system administrators or security consultants.

Daniel Borkmann