On Tue, Apr 30, 2013 at 8:24 AM, <w...@sourcearmory.com> wrote: > Hi! > > I need some help, currently I'm working in a project where I want to > capture and process some network packets before the kernel. I have searched > but I have found nothing. > > Is there some way to capture the packets before the kernel ? > > This is a rather odd question. The device drivers which are the codes that do all direct communication with the interfaces are part of the kernel in most all operating systems. This is technically not required, but I have not run into an OS that did not work this way in many years. (Digital's IAS used user mode handlers to talk to interfaces, but it has been obsolete for a quarter century.) Even there, the kernel contained the basic interrupt routine (very simple) as a part of the kernel to hand the data to the handler.
If you want to see the raw data, the PCAP code will capture the data very early after it is received by the kernel, but the kernel still must do this as it and only actually can "talk" to the interface and receive data. -- R. Kevin Oberman, Network Engineer E-mail: rkober...@gmail.com _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
