[Bro] BRO, BPF and FreeBSD 5.4

Jason R. Lee JRLee at lbl.gov
Thu Oct 20 13:21:12 PDT 2005

you might want to try something like this, which will
allow BSD to dynamicly add the bpf devices as needed
(i.e. when bro/tcpdump/etc. tries to open them)

% devfs rule add path "bpf*" mode 660 user wheel

This has been added into the newest/latest/greatest bro.
So expect it to work in the next release.


PS you can man devfs for many, many more options.

Mike Weaver wrote:

>Hi All,
>I didn't see this issue addressed on the list before, but my apologies
>if I missed something.  I relatively new to FreeBSD, but not to
>UN*X/Linux in general.  I realize that BRO is developed on FreeBSD 4.x
>and not 'officially' supported on other versions, but due to security
>etc... I'd like to run it on the latest STABLE version (5.4).
>As you are probably aware, FreeBSD 5.x uses devfs and there is no
>longer a MAKEDEV command.  I have BPF support enabled in my kernel
>config file, but no BPF devices exist.  Bro_config detects this and
>offers to create them for me, but uses the MAKEDEV script.
>I've scoured Google, newsgroups, forums and the official FreeBSD
>documents, but can't seem to find how to manually create the BPF
>devices.  I assume that this is pretty trivial, but I don't see what
>I'm missing.  I also assume that Vern is intimately familiar with BPF
>from his association with LBL and his impressive portfolio of tools
>and projects.  Any assistance would be appreciated!
>Mike Weaver
>US Department of Energy
>Germantown Building
>Voice: 301-903-0072
>Fax: 301-528-7774
>Email: weaver at mics.doe.gov  
>Bro mailing list
>bro at bro-ids.org

More information about the Bro mailing list