Hi,

I have put all my eggs in this basket so I am desperate to get this fixed. This may only be a tcpdump issue. If I have 19 interfaces tcpdump works as expected. If I have 20 or more it fails.

First I try with 20 interfaces setup and I get:

    # tcpdump -nttt -i bge0
    tcpdump: Failed to open bpf device for bge0: No such file or directory

Now I remove one of them:

    # ifconfig gre140 destroy

And now it works:

    # tcpdump -nttt -i bge0
    tcpdump: listening on bge0, link-type EN10MB
    Sep 24 12:00:40.989192 CARPv2-advertise 20: vhid=7 advbase=1 advskew=100 demote=0 [tos 0xc0]
    Sep 24 12:00:41.156206 CARPv2-advertise 36: vhid=1 advbase=1 advskew=20 demote=0 [tos 0x10]

I need to have around 50 total interfaces to complete the project and I need tcpdump. Pf still seems to find them for redirects so I am not sure if it's an OS issue or a tcpdump issue.

Please help,
Carl

Technical data:

    # uname -a
    OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64

    # ifconfig -a
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
            groups: lo
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
    bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:09:3d:11:9b:0d
            groups: egress
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 65.44.125.15 netmask 0xffffff00 broadcast 65.44.125.255
            inet6 fe80::209:3dff:fe11:9b0d%bge0 prefixlen 64 scopeid 0x1
    bge1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:09:3d:11:9b:0e
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 159.212.73.15 netmask 0xffffff80 broadcast 159.212.73.127
            inet6 fe80::209:3dff:fe11:9b0e%bge1 prefixlen 64 scopeid 0x2
    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:04:23:ae:17:c4
            media: Ethernet autoselect (1000baseT full-duplex)
            status: active
            inet 192.168.63.57 netmask 0xffffff00 broadcast 192.168.63.255
            inet6 fe80::204:23ff:feae:17c4%em0 prefixlen 64 scopeid 0x3
    em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:04:23:ae:17:c5
            media: Ethernet autoselect (none)
            status: no carrier
    pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
    enc0: flags=0<> mtu 1536
    pfsync0: flags=0<> mtu 1460
            pfsync: syncdev: em0 syncpeer: 192.168.63.56 maxupd: 128
            groups: carp pfsync
    gre1: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 159.212.48.152
            inet6 fe80::209:3dff:fe11:9b0d%gre1 -> prefixlen 64 scopeid 0xb
            inet 192.168.0.1 --> 192.168.1.1 netmask 0xffffffff
    gre126: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 159.212.48.111
            inet6 fe80::209:3dff:fe11:9b0d%gre126 -> prefixlen 64 scopeid 0xc
            inet 192.168.0.126 --> 192.168.1.126 netmask 0xffffffff
    gre132: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 10.140.253.251
            inet6 fe80::209:3dff:fe11:9b0d%gre132 -> prefixlen 64 scopeid 0xf
            inet 192.168.0.132 --> 192.168.1.132 netmask 0xffffffff
    gre112: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 10.192.15.15
            inet6 fe80::209:3dff:fe11:9b0d%gre112 -> prefixlen 64 scopeid 0x10
            inet 192.168.0.112 --> 192.168.1.112 netmask 0xffffffff
    gre146: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 159.212.187.7
            inet6 fe80::209:3dff:fe11:9b0d%gre146 -> prefixlen 64 scopeid 0x11
            inet 192.168.0.146 --> 192.168.1.146 netmask 0xffffffff
    gre110: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 10.108.8.7
            inet6 fe80::209:3dff:fe11:9b0d%gre110 -> prefixlen 64 scopeid 0x17
            inet 192.168.0.110 --> 192.168.1.110 netmask 0xffffffff
    gre114: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 10.108.16.60
            inet6 fe80::209:3dff:fe11:9b0d%gre114 -> prefixlen 64 scopeid 0x18
            inet 192.168.0.114 --> 192.168.1.114 netmask 0xffffffff
    gre142: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 10.108.40.10
            inet6 fe80::209:3dff:fe11:9b0d%gre142 -> prefixlen 64 scopeid 0x1d
            inet 192.168.0.142 --> 192.168.1.142 netmask 0xffffffff
    gre118: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
            groups: gre
            physical address inet 159.212.73.16 --> 10.108.24.45
            inet6 fe80::209:3dff:fe11:9b0d%gre118 -> prefixlen 64 scopeid 0x1f
            inet 192.168.0.118 --> 192.168.1.118 netmask 0xffffffff
    carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:00:5e:00:01:01
            carp: BACKUP carpdev bge0 vhid 1 advbase 1 advskew 200
            groups: carp
            inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x8
            inet 65.44.125.16 netmask 0xffffff00 broadcast 65.44.125.255
    carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:00:5e:00:01:02
            carp: BACKUP carpdev bge1 vhid 2 advbase 1 advskew 200
            groups: carp
            inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x9
            inet 159.212.73.16 netmask 0xffffff80 broadcast 159.212.73.127

    # cat sysctl.conf
    # $OpenBSD: sysctl.conf,v 1.42 2007/02/15 20:43:33 reyk Exp $
    #
    # This file contains a list of sysctl options the user wants set at
    # boot time. See sysctl(3) and sysctl(8) for more information on
    # the many available variables.
    #
    net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
    #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
    #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
    #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
    #net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0)
    #net.inet.tcp.rfc1323=0 # 0=Disable TCP RFC1323 extensions (for if tcp is slow)
    #net.inet.tcp.rfc3390=0 # 0=Disable RFC3390 for TCP window increasing
    #net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
    #net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
    #net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
    #net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
    #net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
    #net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
    net.inet.gre.allow=1
    net.inet.gre.wccp=1
    net.inet.carp.allow=1
    net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
    #net.inet.carp.log=1 # 1=Enable logging of carp(4) packets
    #ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
    #ddb.console=1 # 1=Permit entry of ddb from the console
    #fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
    #vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
    #vfs.nfs.iothreads=4 # number of nfsio kernel threads
    #net.inet.ip.mtudisc=0 # 0=disable tcp mtu discovery
    #kern.usercrypto=0 # 0=disable userland use of /dev/crypto
    #kern.splassert=2 # 2=enable with verbose error messages
    #machdep.allowaperture=2 # See xf86(4)
    #machdep.kbdreset=1 # permit console CTRL-ALT-DEL to do a nice halt
Some more info. I downloaded version 3.9.8 of tcpdump from www.tcpdump.org and built it. It gives the following error:

    # /usr/local/tcpdump/sbin/tcpdump -nttt -i bge0
    tcpdump: /dev/bpf10: No such file or directory

When I look in /dev I see bpf0 through bpf9.

Hope this helps.

Thanks,
Carl

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Carl Horne
Sent: Wednesday, September 24, 2008 12:13 PM
To: [hidden email]
Subject: Does OpenBSD only allow 19 Interfaces
In reply to this post by Carl Horne-2
On 2008-09-24, Carl Horne <[hidden email]> wrote:
> I have put all my eggs in this basket so I am desperate to get this fixed.
> This may only be a tcpdump issue. If I have 19 interfaces tcpdump works as
> expected. If I have 20 or more it fails.
>
> First I try with 20 interfaces setup and I get:
> # tcpdump -nttt -i bge0
> tcpdump: Failed to open bpf device for bge0: No such file or directory

I can't replicate if I just create 30 lo* interfaces and run tcpdump.. do you have other tcpdump running? how many bpf are in use? (fstat|grep bpf) - you know they need device nodes in /dev and by default you get 10?

> I need to have around 50 total interfaces to complete the project and I need
> tcpdump. Pf still seems to find them for redirects so I am not sure if it's
> an OS issue or a tcpdump issue.

More likely tcpdump/bpf. I think it's highly probable that there are people here running with many more interfaces (at least vlan) than that.

> OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64

PF has improved greatly since 4.1, by the way.
Stuart,
Thanks so much. I am using urlsnarf to log url requests and there is one instance running for each gre tunnel. I have a script that auto starts or stop one as soon as I added or removed a tunnel. So when I added a tunnel it would fire up a new instance breaking tcpdump. Removing the tunnel would kill an instance fixing tcpdump. I will have to figure out another way to get that data. Thanks for your help.

Carl

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Stuart Henderson
Sent: Wednesday, September 24, 2008 1:55 PM
To: [hidden email]
Subject: Re: Does OpenBSD only allow 19 Interfaces
In reply to this post by Carl Horne-2
Carl Horne wrote:
> Some more info. I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
> and built it. It gives the following error:

Carl,

I think you are going down a more dangerous path than you might need to here. You are mixing many things now. I would start first by running 4.3, or 4.4 if you are up for it, and then do your setup with it.

You are still running 4.1

"OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64"

which is not supported anymore, and you sure would have more chances to get help if you actually ran a supported version. Also, there were so many changes since that 4.1 version that you would be better served anyway.

PF got lots of changes, a more efficient TCP stack, many changes in VLAN, changes in pflog, etc, etc, etc...

Help yourself and save yourself time by starting with what would help you first. Then if you still have issues, you are more likely to get help, as opposed to trying to address an old version.

Very strongly consider this advice, especially if you need to run that many interfaces, which looks like it might be a more critical piece of your setup.

So, help yourself and use a newer version.

Best,

Daniel.
In reply to this post by Carl Horne-2
On 2008/09/24 14:12, Carl Horne wrote:
> Stuart,
>
> Thanks so much. I am using urlsnarf to log url requests and there
> is one instance running for each gre tunnel. I have a script that
> auto starts or stop one as soon as I added or removed a tunnel. So
> when I added a tunnel it would fire up a new instance breaking
> tcpdump. Removing the tunnel would kill an instance fixing tcpdump.
> I will have to figure out another way to get that data. Thanks for
> your help.

some options to try:

- create new bpf device nodes (using /dev/MAKEDEV), though I'm not sure what the usable limit is.

- in -current or the forthcoming 4.4 release, you can have PF log the packets to a pflog interface, and run urlsnarf on that interface. (a change was committed a few months ago to libnids, used by dsniff/urlsnarf, to permit capture on a pflog interface). Then you can e.g. "pass in log (all, to pflog1) to port 80" and run urlsnarf on pflog1; then you only have one BPF listener. I'm not sure, but I'd guess that overheads should be lower this way.

(you could also use pflog0 of course, but you might prefer to split it off so you can continue to log your normal blocked traffic via pflogd. pflog1 doesn't normally exist, so you would have to create the interface too; echo up>/etc/hostname.pflog1).
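The failure diagnosed in this thread, as an added example that is not part of any poster's message and not tcpdump or libpcap source: a simplified C model of how a BPF client probes /dev/bpf0, /dev/bpf1, ... and why ten busy listeners on ten device nodes end in "No such file or directory". It assumes nodes are tried in order and skipped only on EBUSY; `bpf_pool`, `sim_open` and `bpf_probe` are hypothetical names, and the node and listener counts are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of /dev: bpf0..bpf(node_count-1) exist, and the
 * first busy_count of them are held open by other capture processes
 * (for example one urlsnarf per gre tunnel). */
struct bpf_pool {
    int node_count;
    int busy_count;
};

/* Stand-in for open("/dev/bpfN", O_RDWR) on a system where each node
 * can be held by one process at a time.  Returns a fake descriptor
 * (the unit number) or -1 with errno set. */
static int sim_open(const struct bpf_pool *pool, int unit)
{
    if (unit >= pool->node_count) {
        errno = ENOENT;            /* no such device node in /dev */
        return -1;
    }
    if (unit < pool->busy_count) {
        errno = EBUSY;             /* node held by another listener */
        return -1;
    }
    return unit;
}

/* Probe nodes in order, moving on only while the failure is EBUSY.
 * On return, path holds the last node tried: the one that was opened,
 * or the one whose error ended the search. */
int bpf_probe(const struct bpf_pool *pool, char *path, size_t len)
{
    int unit = 0, fd;

    do {
        snprintf(path, len, "/dev/bpf%d", unit);
        fd = sim_open(pool, unit);
        unit++;
    } while (fd < 0 && errno == EBUSY);
    return fd;
}

int main(void)
{
    /* 9 listeners on 10 nodes, 10 on 10, and 10 on 20 (extra nodes
     * created beforehand, e.g. with MAKEDEV). */
    struct bpf_pool cases[] = { {10, 9}, {10, 10}, {20, 10} };
    char path[32];

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int fd = bpf_probe(&cases[i], path, sizeof path);
        if (fd < 0)
            printf("%d nodes, %d busy: %s: %s\n", cases[i].node_count,
                   cases[i].busy_count, path, strerror(errno));
        else
            printf("%d nodes, %d busy: opened %s\n",
                   cases[i].node_count, cases[i].busy_count, path);
    }
    return 0;
}
```

The middle case ends on /dev/bpf10 with ENOENT, the same path and error the stock tcpdump build printed; the interface count only mattered because each extra tunnel started another listener.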
In reply to this post by Carl Horne-2
On 2008-09-24, Carl Horne <[hidden email]> wrote:
> Some more info. I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
> and built it. It gives the following error:

Take care with non-OpenBSD versions of tcpdump, most (all?) still don't jail the protocol dissectors into an unprivileged process (note there are two processes showing in "ps" output with OpenBSD tcpdump, one is in a chroot jail in /var/empty running as user _tcpdump).
In reply to this post by Carl Horne-2
On Wed, Sep 24, 2008 at 01:52:05PM -0600, Carl Horne wrote:
> Some more info. I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
> and built it. It gives the following error:

this will likely not work. openbsd tcpdump is heavily modified from the upstream. there are parts of this you will want (pf related) which are not in the stock tcpdump. i'd be very surprised if it is functional at all.

you should really upgrade to a supported version of openbsd, as others have suggested.

cel

> # /usr/local/tcpdump/sbin/tcpdump -nttt -i bge0
> tcpdump: /dev/bpf10: No such file or directory
>
> When I look in /dev I see bpf0 through bpf9.
>
> Hope this helps.
>
> Thanks,
> Carl
>

--
Christopher Linn <celinn at mtu.edu> | By no means shall either the CEC
System Administrator II              | or MTU be held in any way liable
Center for Experimental Computation  | for any opinions or conjecture I
Michigan Technological University    | hold to or imply to hold herein.
In reply to this post by Stuart Henderson
It was just a quick test. I did not install it.
Thanks,
Carl

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Stuart Henderson
Sent: Wednesday, September 24, 2008 3:47 PM
To: [hidden email]
Subject: Re: Does OpenBSD only allow 19 Interfaces