From owner-freebsd-net@FreeBSD.ORG Mon Oct 17 22:14:46 2005 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0253416A41F for ; Mon, 17 Oct 2005 22:14:46 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 898E943D46 for ; Mon, 17 Oct 2005 22:14:45 +0000 (GMT) (envelope-from brdavis@odin.ac.hmc.edu) Received: from odin.ac.hmc.edu (localhost.localdomain [127.0.0.1]) by odin.ac.hmc.edu (8.13.0/8.13.0) with ESMTP id j9HMEdVP027317; Mon, 17 Oct 2005 15:14:39 -0700 Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.13.0/8.13.0/Submit) id j9HMEdsq027316; Mon, 17 Oct 2005 15:14:39 -0700 Date: Mon, 17 Oct 2005 15:14:39 -0700 From: Brooks Davis To: Peter Wood Message-ID: <20051017221439.GJ15097@odin.ac.hmc.edu> References: <4353A2F5.8040108@alastria.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4353A2F5.8040108@alastria.net> User-Agent: Mutt/1.4.1i X-Virus-Scanned: by amavisd-new X-Spam-Status: No, hits=0.0 required=8.0 tests=none autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on odin.ac.hmc.edu Cc: net@freebsd.org Subject: Re: More then 32 bfp devices on Freebsd 5.4-RELEASE-p7 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Oct 2005 22:14:46 -0000 On Mon, Oct 17, 2005 at 02:11:17PM +0100, Peter Wood wrote: > Good Afternoon, > > I'm now working at a large UK university in their network support > department, as such one of my duties is to monitor the residences > network. To this end I have a cloned nic for every vlan that we have on > resnet. It roughly comes to over 50 vlans, and FreeBSD its self copes > very nicely. > > However I've run into a small problem when using nmap (and a tiny one in > Ethereal). Unless you specify the source address and source interface > for scans nmap will open every network device with bpf. The problem > comes when it hits the 33rd interface to open, nmap exits. > > [eclair:~]# nmap -P0 -p 1-65535 -sS 10.34.96.168 > Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-17 14:03 BST > getinterfaces: Failed to open ethernet interface (resnet737) > QUITTING! > > If I truss I get the following: > > open("/dev/bpf29",0x1,01002230274) ERR#16 'Device busy' > open("/dev/bpf30",0x1,01002230274) ERR#16 'Device busy' > open("/dev/bpf31",0x1,01002230274) ERR#16 'Device busy' > write(2,0xbfbfab40,60) = 60 (0x3c) > getinterfaces: Failed to open ethernet interface (resnet737) > > So the question is, how can I allow more then 32 bpf devices, in the old > 4.X series I'd have just tagged a number on the end of the kernel line. Hmm, I can create more than 32 devices here and the only place the code returns EBUSY is where more than one process attempts to open the same device so there's something unobvious going on in nmap. There should be no real practical limit on bpf devices. -- Brooks