A number of people have confused the "packet filter" work done by Jeff
Mogul and now available as the Berkeley Packet Filter (BPF) in the
Net/2 release with a "packet screen".
The "packet filter" available in Ultrix or as BPF is a flexible
kernel-resident packet demultiplexer. A user process specifies a set
of rules to select/"filter" the packets it wants to see and the packet
filter will pass only those packets up to the process. This is the
mechanism that is used by programs like TCPdump. Forwarding packets
through user-space is not efficient.
A "packet screen", on the other hand, is a mechanism for the kernel to
determine whether to forward a packet. Before a packet is forwarded a
daemon is passed the packet header and asked whether forwarding is OK.
A yes or no response is sent back to the kernel. Ultrix's screend
and SGI's ipfilterd are implementations of packet screens.
If you would like an abstract of the paper "The Packet Filter: An
Efficient Mechanism for User-level Network Code" send mail to
COM with the subject "send abstract 87/2".
To get the postscript file of the report send a message with the
subject "send postscript 87/2". (Send these requests to
wrl-techreports not nsl-techreports!)
If you would like more information on the Ultrix "packet screen" you
can get a copy of the paper "Using screend to Implement IP/TCP
Security Policies" by sending mail to NSL-TECHREPORTS @
with the subject "send postscript TN-2". To just get the abstract
send a message with the subject "send abstract TN-2". (Remember, send
these requests to nsl-techreports not wrl-techreports.)