BRO, BPF and FreeBSD 5.4

Hi All,

I didn't see this issue addressed on the list before, but my apologies
if I missed something. I relatively new to FreeBSD, but not to
UN*X/Linux in general. I realize that BRO is developed on FreeBSD 4.x
and not 'officially' supported on other versions, but due to security
etc... I'd like to run it on the latest STABLE version (5.4).

As you are probably aware, FreeBSD 5.x uses devfs and there is no
longer a MAKEDEV command. I have BPF support enabled in my kernel
config file, but no BPF devices exist. Bro_config detects this and
offers to create them for me, but uses the MAKEDEV script.

I've scoured Google, newsgroups, forums and the official FreeBSD
documents, but can't seem to find how to manually create the BPF
devices. I assume that this is pretty trivial, but I don't see what
I'm missing. I also assume that Vern is intimately familiar with BPF
from his association with LBL and his impressive portfolio of tools
and projects. Any assistance would be appreciated!

Thanks,

Mike

Mike,
you might want to try something like this, which will
allow BSD to dynamicly add the bpf devices as needed
(i.e. when bro/tcpdump/etc. tries to open them)

% devfs rule add path "bpf*" mode 660 user wheel

This has been added into the newest/latest/greatest bro.
So expect it to work in the next release.

Cheers,
jason

PS you can man devfs for many, many more options.

Mike Weaver wrote:

I use the following script in /usr/local/etc/rc.d to setup bpf,
since I couldn't seem to get /etc/devfs.conf to work correctly.
You'll need to add the bro user to the bpf group.

I think the problem with /etc/devfs.conf is two fold:
1) it doesn't do wildcards, so you have to explicitly add each bpf device to it
2) I couldn't dynamically source it, if i changed it, i had to reboot !

Cheers,
jason

John Webster wrote: