This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

On macOS, ChmodBPF adds new BPF devices at boot only

0

The script ChmodBPF creates new /dev/bpf interfaces and sets specific permissions thanks to the code:

while [ "$CUR_DEV" -lt "$FORCE_CREATE_BPF_MAX" ] ; do
    # Try to do the minimum necessary to trigger the next device.
    read -n 0 < /dev/bpf$CUR_DEV > /dev/null 2>&1
    CUR_DEV=$(( $CUR_DEV + 1 ))
done

I've deleted /dev/bpf250, and launched ChmodBPF as root, but "read -n 0 < /dev/bpf249" doesn't create /dev/bpf250.

I rebooted macOS, and this time the script created /dev/bpf250.

What prevents the manual execution of ChmodBPF as root from creating new BPF devices?

asked 27 Jul '16, 05:14

TomLaBaude
accept rate: 66%


One Answer:

0

> I've deleted /dev/bpf250, and launched ChmodBPF as root, "read -n 0 < /dev/bpf249" doesn't create /dev/bpf250

The relevant code only creates a BPF device if the device number is greater than the maximum device number ever created; it doesn't fill in artificially-created holes in the BPF device number space.

(What Apple should do is implement a cloning BPF device, so that you can just open /dev/bpf and get a new BPF device; they'd still have to leave the old numbered devices, complete with the existing creation operation, for backwards compatibility, but they could and should then enable libpcap's support for the cloning device. Darwin does support cloning devices.)

answered 27 Jul '16, 17:35

Guy Harris ♦♦
accept rate: 19%

Interesting, so why does a reboot create /dev/bpf250? Is it another part of the code at boot? My goal was to be able to manually create a new bpf device like it does at boot...

(28 Jul '16, 03:01) TomLaBaude

> Interesting, so why does a reboot create /dev/bpf250? Is it another part of the code at boot?

No, it's because /dev/bpf250 doesn't exist at boot time - the maximum device number ever created, at that point, is, as I remember, 4 (4 BPF devices are created by the BPF code at boot time). Therefore, attempts to open devices past /dev/bpf3 create new devices.

> My goal was to be able to manually create a new bpf device like it does at boot...

If you want to create a device to replace one that you removed, you would have to do so manually with the mknod command. If you want to create additional devices beyond the ones that ChmodBPF created, you'd have to modify ChmodBPF to raise the value of FORCE_CREATE_BPF_MAX to the maximum device number you want.

(28 Jul '16, 10:58) Guy Harris ♦♦
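
The behaviour described in the answer and the last comment (opening a device never refills a deleted /dev/bpfN, so holes have to be recreated with mknod) can be checked with a short script. This is an added example, not part of the original thread or of ChmodBPF. The function names are hypothetical, the minor number is assumed to equal N, and the major number is a placeholder to be read from a surviving node.

```shell
#!/bin/sh
# Added example: report holes in the bpfN numbering and print (not run)
# the mknod commands that would refill them.

# List device numbers missing below the highest bpfN present in directory $1.
find_bpf_holes() {
    dir=$1
    max=-1
    for path in "$dir"/bpf[0-9]*; do
        [ -e "$path" ] || continue            # glob matched nothing
        n=${path##*/bpf}
        case $n in *[!0-9]*) continue ;; esac # skip names like bpf3.bak
        [ "$n" -gt "$max" ] && max=$n
    done
    holes=""
    i=0
    while [ "$i" -lt "$max" ]; do
        [ -e "$dir/bpf$i" ] || holes="$holes${holes:+ }$i"
        i=$((i + 1))
    done
    printf '%s\n' "$holes"
}

# Print one mknod command per hole. $2 is the character-device major number;
# on macOS it can be read from a surviving node with: stat -f %Hr /dev/bpf0
# Assumption: the minor number equals the N in bpfN.
bpf_repair_plan() {
    dir=$1 major=$2
    for n in $(find_bpf_holes "$dir"); do
        printf 'mknod %s/bpf%s c %s %s\n' "$dir" "$n" "$major" "$n"
    done
}

# Constructed demo: plain files stand in for device nodes in a scratch
# directory, and 23 is a placeholder major number.
demo=$(mktemp -d)
for n in 0 1 2 3 5 6 8; do : > "$demo/bpf$n"; done
bpf_repair_plan "$demo" 23    # prints mknod lines for bpf4 and bpf7
rm -rf "$demo"
```

On a real system, review the printed commands, run them as root against /dev, then re-run ChmodBPF so the recreated nodes get the same permissions as the others.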