This directory contains a loadable kernel server (LKS) that implements
the Berkeley Packet Filter (BPF). This filter, when used in conjunction
with a user-level monitor such as tcpdump, allows one to capture and
decode the raw packets that flow over interfaces.

This specific LKS is designed to work only with PPP. If you want to use
BPF, you must first make, install, and load this LKS _BEFORE_ you attempt
to load the PPP LKS.

This is a first release of this code. I don't expect it to be perfect.

Because of NeXT's lack of support for m68k machines, we are unable to use
the driver kit functions. So, since BPF requires the use of character
special devices, I have chosen the number 32 to represent the major
device number.

Before you do anything, go to your /dev/ directory and execute 'ls -al'.
You should see a listing similar to:

    crw-rw-rw-  1 root      10,   0 Nov 11 22:00 ev0
    crw--w--w-  1 perkins   40,   0 Nov 11 22:00 evs0
    brw-rw----  1 root       1,   0 Nov 11 22:00 fd0a
    brw-rw----  1 root       1,   8 Nov 11 22:00 fd1a
    crw-r--r--  1 root      41,  64 Nov 11 22:00 fdc0
    brw-r-----  1 root       3,   0 Nov 11 21:59 hd0a

The 'c' or 'b' in the permissions section indicates whether the device is
a character special device or a block special device. The first number
(where the file owner usually appears) indicates the special device major
number and the second number (where the group usually appears on an
'ls -alg') indicates the minor number.

Make sure no files use the major number 32. If they do, then you must
choose an unused number and use that instead. Edit the file ./bpf.h and
modify the value of BPF_MAJOR_CHAR appropriately.

Now, make and install the bpf LKS.

Edit /etc/rc.local and load the LKS by adding lines like:

    #
    # Load the Berkeley Packet Filter LKS
    # This must be done before PPP
    #
    if [ -f /usr/local/bpf/reloc/bpf_reloc ]; then
        /usr/etc/kl_util -a /usr/local/bpf/reloc/bpf_reloc
    fi

As a final step, you must create the necessary special devices.
If you changed the major number, substitute the appropriate number for 32.
We must create NBPFILTER devices (whatever number you used in the
Makefile).

    /usr/etc/mknod /dev/bpf0 c 32 0
    /usr/etc/mknod /dev/bpf1 c 32 1
    /usr/etc/mknod /dev/bpf2 c 32 2
    /usr/etc/mknod /dev/bpf3 c 32 3
    ... etc...

BUGS:

Loading and unloading the PPP LKS can cause BPF to run out of interfaces.
BPF needs better support for detachment of an interface.

Non-blocking IO settings seem to have bugs under 3.3. Under 3.2 the
condition:

    if (uio->uio_fmode & FNDELAY)

works just fine. However, under 3.3 this condition returns true even when
I have verified (at user level) that the file was NOT opened non-blocking.
Thus, I have disabled NON-BLOCKING reads from this dist. If you want them,
get back to me and I'll see if I can track down the reason for the problem
and provide a real fix.
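
The major-number check and the mknod step from the installation
instructions above, as an added example that is not part of the original
distribution. It assumes a POSIX sh and awk; the function names, the
sample listing, the xx0 device and the alternative major 33 are
constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original distribution.
# Constructed sample in the 'ls -al' layout shown above, plus a hypothetical
# conflicting device (xx0, listed 'ls -alg' style with a group column) and a
# regular file whose size happens to be 32.
SAMPLE_LISTING='crw-rw-rw-  1 root      10,   0 Nov 11 22:00 ev0
crw--w--w-  1 perkins   40,   0 Nov 11 22:00 evs0
brw-rw----  1 root       1,   0 Nov 11 22:00 fd0a
crw-r--r--  1 root     wheel  32,   5 Nov 11 22:00 xx0
-rw-r--r--  1 root      32 Nov 11 22:00 notes'

# devices_using_major MAJOR: read a listing on stdin and print "type name"
# for every special device whose major number equals MAJOR. The major is
# the first field of the form "N," so an extra group column does not matter.
devices_using_major() {
    awk -v want="$1" '
        /^[cb]/ {
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^[0-9]+,/) {
                    split($i, parts, ",")
                    if (parts[1] + 0 == want + 0) print substr($0, 1, 1), $NF
                    break
                }
            }
        }'
}

# mknod_commands MAJOR COUNT: read a listing on stdin and print (not run)
# the mknod lines for /dev/bpf0 .. /dev/bpf(COUNT-1). Fails if MAJOR is taken.
mknod_commands() {
    major=$1 count=$2
    conflicts=$(devices_using_major "$major")
    if [ -n "$conflicts" ]; then
        echo "major $major already in use: $conflicts" >&2
        return 1
    fi
    n=0
    while [ "$n" -lt "$count" ]; do
        echo "/usr/etc/mknod /dev/bpf$n c $major $n"
        n=$((n + 1))
    done
}

# Demo on the constructed listing: 32 is taken there, so use 33 (hypothetical).
printf '%s\n' "$SAMPLE_LISTING" | mknod_commands 33 4
```

On a real system, pipe the output of 'ls -al /dev' into mknod_commands in
place of the sample, and set BPF_MAJOR_CHAR in ./bpf.h to the same major.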