This talk will cover internals of the PF_PACKET socket in the Linux kernel, in particular the packet mmap() mechanism ("zero-copy") that is used to improve packet capturing and transmission performance from user space. In addition to that, the Berkeley Packet Filter will be partially covered with its built-in kernel space "virtual machine" and just-in-time compiler. As an application on top of that, the netsniff-ng toolkit will be presented (http://netsniff-ng.org/), which can be used to facilitate a network developer's daily kernel plumbing, but also the daily work of system administrators or security consultants.
