How to get more than one bpf device?

[vincepoy]

Greetings everyone:

I was wondering what's the correct way to get more than one bpf device like what if I needed 3? the kernel config notes file in src/sys/conf/CONF only states:

#  The `bpf' device enables the Berkeley Packet Filter.  Be
#  aware of the legal and administrative consequences of enabling this   
#  option.  The number of devices determines the maximum number of
#  simultaneous BPF clients programs runnable.  DHCP requires bpf.
device          bpf

which I assumes creates one bpf device, do I simply change it to:

device bpf 3

 

[DutchDaemon]

Haven't seen that used in ages, but it might still work. There's always devfs(5) or even mknod(8).

 

[vincepoy]

I mean the thing is that device bpf is part of the GENERIC kernel but I wonder is that limited to one bpf device. I'm already using devfs(5) and bpf* is listed as follows:

root@bigbang [3][/home/vince] >> dir /dev/bpf*
crw-------  1 root  wheel  -   0,  12 Feb  3 14:12 /dev/bpf
lrwxr-xr-x  1 root  wheel  -        3 Feb  3 14:12 /dev/bpf0 -> bpf

NOTES in the kernel config file seems as noted in my original post above seems to indicate "The number of devices determines the maximum number of simultaneous BPF clients programs runnable." so I wonder do you have to specify the maximum number of bpf devices or is the number of devices based on the number of physical devices available?

 

[vincepoy]

Just tried putting:

device          bpf 4            # Berkeley packet filter

in the kernel config but when I tried a buildkernel, it gives a syntax error so it seems like "device bpf" is all that is allowed in the config. Not sure if mknod is even needed as /dev/bpf0 is a symlink to /dev/bpf so probably a symlink for /dev/bpf1 going to bpf would work also, thought everything in /dev was supposed to be automatically created?

 

[smarty]

I'm sure mine's not the best solution, but it works for what I'm doing.

Add the following to /etc/devfs.conf and reboot

own     bpf0    root:capture
perm    bpf0    0640
own     bpf1    root:capture
perm    bpf1    0640
own     bpf2    root:capture
perm    bpf2    0640

...

 

[mdhughes]

I used the /etc/devfs.rules file to set the group to bpf and unhide the files on reboot.

[localrules=10]
add path 'bpf0' unhide mode 0640 group bpf
add path 'bpf1' unhide mode 0640 group bpf

 

[vincepoy]

I don't have a problem creating the devices in /dev but how do I get the system to use anything past bpf0 as with the trafshow port, it seems to ask me to pick a interface rather than allowing it to monitor all network interfaces as mentioned in the manpage.

 

[smarty]

I used the /etc/devfs.rules file to set the group to bpf and unhide the files on reboot.

[localrules=10]
add path 'bpf0' unhide mode 0640 group bpf
add path 'bpf1' unhide mode 0640 group bpf

I like that. I am using bpf* instead.

 

[t4z3v4r3d]

Hello there.
I want to install nessus scanner on my BSD box , but the device /dev/bpf* is not enough!
and nessus installer says : more than 40 device(s) is needed !? how can i make device (mknod) when i don't know the major value for /dev/bpf* , and what is the best solution ?

I'm Using FreeBSD 8.1 stable ....
No idea ?

Thanks all