Now is the time for all good parties to come to the aid of man.)
Eric St.John wrote:
I'm trying to use libpcap in Darwin (uses bpf). In order to capture the packets, I must have read acess to the /dev/bpf* files. I can chmod these, but as soon as I reboot their privledges are reset! Any ideas?
One idea would be to port the current FreeBSD devfs to Darwin; that version, unlike the Darwin one which is based on an older FreeBSD devfs, has a configuration file, letting you control the initial permissions, ownership, etc. on devices from a file (that's done by the devfs command).
If you do that, submit the work in a bug to Apple.
Another idea would be to see where devfs gets mounted, and, if it's done in one of the rc files or something run from one of the rc files, put in a chmod or chown after that point.
I would also like to get a larger bpf buffer size. I call ioctl(fd, BIOCSBLEN, (caddr_t)&v); with v initially equal to 64 MB. After the call v is changed to 32 K and a call with BIOCGBLEN confirms this.
$ uname -sr Darwin 7.5.0 $ sysctl debug.bpf_maxbufsize debug.bpf_maxbufsize: 32768
Is there anything I can do (short of recompiling Darwin) to get around this?
Use "sysctl" to increase "debug.bpf_maxbufsize" (that's actually a generic BSD answer, but some of the other BSDs might have increased the maximum).
One last thing, I noticed in some other mails this month that eliminating timestamping will increase performance of bpf. I don't use this feature of bpf, is there a way for me to turn it off in Darwin?
I suspect they either said, or at least meant, "increase performance of packet capture" (referring to the general process, not specifically to BPF) or "*would* increase performance of BPF"; BPF has no mechanism to avoid time stamping packets.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
