Date: Tue, 18 Oct 2005 09:21:16 +0400
From: Yar Tikhiy
To: Peter Wood
Cc: net@freebsd.org
Subject: Re: More then 32 bfp devices on Freebsd 5.4-RELEASE-p7
Message-ID: <20051018052116.GI40896@comp.chem.msu.su>

On Mon, Oct 17, 2005 at 02:11:17PM +0100, Peter Wood wrote:
> Good Afternoon,
>
> I'm now working at a large UK university in their network support
> department, as such one of my duties is to monitor the residences
> network. To this end I have a cloned nic for every vlan that we have on
> resnet. It roughly comes to over 50 vlans, and FreeBSD itself copes
> very nicely.
>
> However I've run into a small problem when using nmap (and a tiny one in
> Ethereal). Unless you specify the source address and source interface
> for scans nmap will open every network device with bpf. The problem
> comes when it hits the 33rd interface to open, nmap exits.
>
> [eclair:~]# nmap -P0 -p 1-65535 -sS 10.34.96.168
> Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-17 14:03 BST
> getinterfaces: Failed to open ethernet interface (resnet737)
> QUITTING!
>
> If I truss I get the following:
>
> open("/dev/bpf29",0x1,01002230274) ERR#16 'Device busy'
> open("/dev/bpf30",0x1,01002230274) ERR#16 'Device busy'
> open("/dev/bpf31",0x1,01002230274) ERR#16 'Device busy'
> write(2,0xbfbfab40,60) = 60 (0x3c)
> getinterfaces: Failed to open ethernet interface (resnet737)
>
> So the question is, how can I allow more than 32 bpf devices, in the old
> 4.X series I'd have just tagged a number on the end of the kernel line.

This is an obvious regression in nmap 3.93, which wasn't there before.
Here's the relevant part of eth-bsd.c found in nmap-3.93/libdnet-stripped/src:

	for (i = 0; i < 32; i++) {
		snprintf(file, sizeof(file), "/dev/bpf%d", i);
		e->fd = open(file, O_WRONLY);
		if (e->fd != -1 || errno != EBUSY)
			break;
	}

-- 
Yar
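
The probe loop quoted above with the fixed bound of 32 removed, as an added example; it is not part of this message and is not libdnet or nmap code. The names bpf_open_free, opener_fn and fake_open and the BPF_PROBE_MAX cap are assumptions made for illustration, and the fake opener is constructed so the loop can be run without real bpf device nodes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>

/* Assumed safety bound so the probe always terminates; not a libdnet value. */
#define BPF_PROBE_MAX 1024

/* Injectable opener, so the loop can be exercised without real /dev/bpf* nodes. */
typedef int (*opener_fn)(const char *path, int flags);

static int sys_open(const char *path, int flags) { return open(path, flags); }

/*
 * Try /dev/bpf0, /dev/bpf1, ... and return the first descriptor that opens.
 * EBUSY means "unit in use, try the next one"; any other errno ends the
 * probe, as in the quoted loop. Returns -1 with errno set on failure;
 * *unit receives the last index tried.
 */
int bpf_open_free(opener_fn do_open, int *unit)
{
    char file[32];
    int fd = -1, i;

    if (do_open == NULL)
        do_open = sys_open;
    for (i = 0; i < BPF_PROBE_MAX; i++) {
        snprintf(file, sizeof(file), "/dev/bpf%d", i);
        fd = do_open(file, O_WRONLY);
        if (fd != -1 || errno != EBUSY)
            break;
    }
    if (unit != NULL)
        *unit = (i < BPF_PROBE_MAX) ? i : BPF_PROBE_MAX - 1;
    return fd;
}

/* Constructed stand-in: units 0..busy-1 are held, `exists` units exist in total. */
static int busy = 40, exists = 64;
int fake_open(const char *path, int flags)
{
    int n = -1;
    (void)flags;
    if (sscanf(path, "/dev/bpf%d", &n) != 1 || n >= exists) { errno = ENOENT; return -1; }
    if (n < busy) { errno = EBUSY; return -1; }
    return 100 + n; /* pretend descriptor */
}

int main(void)
{
    int unit, fd = bpf_open_free(fake_open, &unit);
    printf("fd=%d unit=%d\n", fd, unit);
    return fd == -1;
}
```

With 40 units busy the quoted loop gives up at bpf31 with EBUSY, while this version reaches bpf40; passing NULL as the opener uses open(2) on the real device nodes.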