Re: More then 32 bfp devices on Freebsd 5.4-RELEASE-p7

• Previous message: Brooks Davis: "Re: fwe -> fwip in GENERIC?"
• In reply to: Peter Wood: "More then 32 bfp devices on Freebsd 5.4-RELEASE-p7"
• Next in thread: Yar Tikhiy: "Re: More then 32 bfp devices on Freebsd 5.4-RELEASE-p7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 17 Oct 2005 15:14:39 -0700
To: Peter Wood <peter@alastria.net>

On Mon, Oct 17, 2005 at 02:11:17PM +0100, Peter Wood wrote:
> Good Afternoon,
>
> I'm now working at a large UK university in their network support
> department, as such one of my duties is to monitor the residences
> network. To this end I have a cloned nic for every vlan that we have on
> resnet. It roughly comes to over 50 vlans, and FreeBSD its self copes
> very nicely.
>
> However I've run into a small problem when using nmap (and a tiny one in
> Ethereal). Unless you specify the source address and source interface
> for scans nmap will open every network device with bpf. The problem
> comes when it hits the 33rd interface to open, nmap exits.
>
> [eclair:~]# nmap -P0 -p 1-65535 -sS 10.34.96.168
> Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-17 14:03 BST
> getinterfaces: Failed to open ethernet interface (resnet737)
> QUITTING!
>
> If I truss I get the following:
>
> open("/dev/bpf29",0x1,01002230274) ERR#16 'Device busy'
> open("/dev/bpf30",0x1,01002230274) ERR#16 'Device busy'
> open("/dev/bpf31",0x1,01002230274) ERR#16 'Device busy'
> write(2,0xbfbfab40,60) = 60 (0x3c)
> getinterfaces: Failed to open ethernet interface (resnet737)
>
> So the question is, how can I allow more then 32 bpf devices, in the old
> 4.X series I'd have just tagged a number on the end of the kernel line.

Hmm, I can create more than 32 devices here and the only place the code
returns EBUSY is where more than one process attempts to open the same
device so there's something unobvious going on in nmap. There should be
no real practical limit on bpf devices.

-- Brooks
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Brooks Davis: "Re: fwe -> fwip in GENERIC?"
• In reply to: Peter Wood: "More then 32 bfp devices on Freebsd 5.4-RELEASE-p7"
• Next in thread: Yar Tikhiy: "Re: More then 32 bfp devices on Freebsd 5.4-RELEASE-p7"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: More then 32 bfp devices on Freebsd 5.4-RELEASE-p7 ... > I'm now working at a large UK university in their network support ... > for scans nmap will open every network device with bpf. ... > getinterfaces: Failed to open ethernet interface ... (freebsd-net) More then 32 bfp devices on Freebsd 5.4-RELEASE-p7 ... I'm now working at a large UK university in their network support ... for scans nmap will open every network device with bpf. ... getinterfaces: Failed to open ethernet interface ... (freebsd-net) RE: Nmap output ... Try using Nlog. ... NLog is a set of PERL scripts for managing and analyzing your nmap 2.0+ ... web based service gateway to an internal network. ... (Pen-Test) Re: Scanning Class A network ... About point 2, i recommend you Nmap... ... >network to identify hosts and ports exposed to the Internet. ... >Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ... (Pen-Test) Re: Advice on Fastest NMAP Scan ... Good to see you on here Fyodor. ... make sure that you are using Nmap 3.75. ... or just a local network? ... > shouldn't be any problem at all for regular scanning. ... (Security-Basics)