[Bro] BRO, BPF and FreeBSD 5.4

Jason R. Lee JRLee at lbl.gov
Thu Oct 20 13:45:35 PDT 2005 

I think the problem with /etc/devfs.conf is two fold:
 1) it doesn't do wildcards, so you have to explicitly add each bpf 
device to it
 2) I couldn't dynamically source it, if i changed it, i had to reboot !


Cheers,
jason


John Webster wrote:

>I use the following script in /usr/local/etc/rc.d to setup bpf,
>since I couldn't seem to get /etc/devfs.conf to work correctly.
>You'll need to add the bro user to the bpf group.
>
>==================
>#!/bin/sh
>
># name: 0devfs.sh  so it runs before bro
>
>case "$1" in
>    stop  )
>            ;;
>    start )
>                devfs ruleset 10
>                devfs rule add path "bpf*" mode 660 group bpf
>                devfs rule applyset
>            ;;
>esac
>
>===================
>
>
>--On Thursday, October 20, 2005 15:36:12 -0400 Mike Weaver <weaver at er.doe.gov> wrote:
>
>  
>
>>Hi All,
>>
>>I didn't see this issue addressed on the list before, but my apologies
>>if I missed something.  I relatively new to FreeBSD, but not to
>>UN*X/Linux in general.  I realize that BRO is developed on FreeBSD 4.x
>>and not 'officially' supported on other versions, but due to security
>>etc... I'd like to run it on the latest STABLE version (5.4).
>>
>>As you are probably aware, FreeBSD 5.x uses devfs and there is no
>>longer a MAKEDEV command.  I have BPF support enabled in my kernel
>>config file, but no BPF devices exist.  Bro_config detects this and
>>offers to create them for me, but uses the MAKEDEV script.
>>
>>I've scoured Google, newsgroups, forums and the official FreeBSD
>>documents, but can't seem to find how to manually create the BPF
>>devices.  I assume that this is pretty trivial, but I don't see what
>>I'm missing.  I also assume that Vern is intimately familiar with BPF
>>from his association with LBL and his impressive portfolio of tools
>>and projects.  Any assistance would be appreciated!
>>
>>Thanks,
>>
>>Mike
>>
>>--
>>Mike Weaver
>>US Department of Energy
>>MICS/SC-21.1
>>Germantown Building
>>Voice: 301-903-0072
>>Fax: 301-528-7774
>>Email: weaver at mics.doe.gov  
>>
>>_______________________________________________
>>Bro mailing list
>>bro at bro-ids.org
>>http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>>    
>>
>
>
>
>  
>

More information about the Bro mailing list