Does OpenBSD only allow 19 Interfaces

Hi,

I have put all my eggs in this basket so I am desperate to get this fixed.
This may only be a tcpdump issue.  If I have 19 interfaces tcpdump works as
expected.  If I have 20 or more it fails.

First I try with 20 interfaces setup and I get:
 # tcpdump -nttt -i bge0
 tcpdump: Failed to open bpf device for bge0: No such file or directory

Now I remove one of them:
 # ifconfig gre140 destroy

And now it works:
 # tcpdump -nttt -i bge0
 tcpdump: listening on bge0, link-type EN10MB
 Sep 24 12:00:40.989192 CARPv2-advertise 20: vhid=7 advbase=1 advskew=100
demote=0 [tos 0xc0]
 Sep 24 12:00:41.156206 CARPv2-advertise 36: vhid=1 advbase=1 advskew=20
demote=0 [tos 0x10]

I need to have around 50 total interfaces to complete the project and I need
tcpdump.  Pf still seems to find them for redirects so I am not sure if it's
an OS issue or a tcpdump issue.

Please help,
          Carl

Technical data:
# uname -a
OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:09:3d:11:9b:0d
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 65.44.125.15 netmask 0xffffff00 broadcast 65.44.125.255
        inet6 fe80::209:3dff:fe11:9b0d%bge0 prefixlen 64 scopeid 0x1
bge1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:09:3d:11:9b:0e
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 159.212.73.15 netmask 0xffffff80 broadcast 159.212.73.127
        inet6 fe80::209:3dff:fe11:9b0e%bge1 prefixlen 64 scopeid 0x2
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:23:ae:17:c4
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.63.57 netmask 0xffffff00 broadcast 192.168.63.255
        inet6 fe80::204:23ff:feae:17c4%em0 prefixlen 64 scopeid 0x3
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:23:ae:17:c5
        media: Ethernet autoselect (none)
        status: no carrier
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
enc0: flags=0<> mtu 1536
pfsync0: flags=0<> mtu 1460
        pfsync: syncdev: em0 syncpeer: 192.168.63.56 maxupd: 128
        groups: carp pfsync
gre1: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 159.212.48.152
        inet6 fe80::209:3dff:fe11:9b0d%gre1 ->  prefixlen 64 scopeid 0xb
        inet 192.168.0.1 --> 192.168.1.1 netmask 0xffffffff
gre126: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 159.212.48.111
        inet6 fe80::209:3dff:fe11:9b0d%gre126 ->  prefixlen 64 scopeid 0xc
        inet 192.168.0.126 --> 192.168.1.126 netmask 0xffffffff
gre132: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.140.253.251
        inet6 fe80::209:3dff:fe11:9b0d%gre132 ->  prefixlen 64 scopeid 0xf
        inet 192.168.0.132 --> 192.168.1.132 netmask 0xffffffff
gre112: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.192.15.15
        inet6 fe80::209:3dff:fe11:9b0d%gre112 ->  prefixlen 64 scopeid 0x10
        inet 192.168.0.112 --> 192.168.1.112 netmask 0xffffffff
gre146: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 159.212.187.7
        inet6 fe80::209:3dff:fe11:9b0d%gre146 ->  prefixlen 64 scopeid 0x11
        inet 192.168.0.146 --> 192.168.1.146 netmask 0xffffffff
gre110: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.8.7
        inet6 fe80::209:3dff:fe11:9b0d%gre110 ->  prefixlen 64 scopeid 0x17
        inet 192.168.0.110 --> 192.168.1.110 netmask 0xffffffff
gre114: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.16.60
        inet6 fe80::209:3dff:fe11:9b0d%gre114 ->  prefixlen 64 scopeid 0x18
        inet 192.168.0.114 --> 192.168.1.114 netmask 0xffffffff
gre142: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.40.10
        inet6 fe80::209:3dff:fe11:9b0d%gre142 ->  prefixlen 64 scopeid 0x1d
        inet 192.168.0.142 --> 192.168.1.142 netmask 0xffffffff
gre118: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.24.45
        inet6 fe80::209:3dff:fe11:9b0d%gre118 ->  prefixlen 64 scopeid 0x1f
        inet 192.168.0.118 --> 192.168.1.118 netmask 0xffffffff
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        carp: BACKUP carpdev bge0 vhid 1 advbase 1 advskew 200
        groups: carp
        inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x8
        inet 65.44.125.16 netmask 0xffffff00 broadcast 65.44.125.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: BACKUP carpdev bge1 vhid 2 advbase 1 advskew 200
        groups: carp
        inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x9
        inet 159.212.73.16 netmask 0xffffff80 broadcast 159.212.73.127

# cat sysctl.conf
#       $OpenBSD: sysctl.conf,v 1.42 2007/02/15 20:43:33 reyk Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4
packets
#net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4
multicast packets
#net.inet6.ip6.forwarding=1     # 1=Permit forwarding (routing) of IPv6
packets
#net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6
multicast packets
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be
0)
#net.inet.tcp.rfc1323=0         # 0=Disable TCP RFC1323 extensions (for if tcp
is slow)
#net.inet.tcp.rfc3390=0         # 0=Disable RFC3390 for TCP window increasing
#net.inet.esp.enable=0          # 0=Disable the ESP IPsec protocol
#net.inet.ah.enable=0           # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0        # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1       # 1=Enable the IPCOMP protocol
#net.inet.etherip.allow=1       # 1=Enable the Ethernet-over-IP protocol
#net.inet.tcp.ecn=1             # 1=Enable the TCP ECN extension
net.inet.gre.allow=1
net.inet.gre.wccp=1
net.inet.carp.allow=1
net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
#net.inet.carp.log=1            # 1=Enable logging of carp(4) packets
#ddb.panic=0                    # 0=Do not drop into ddb on a kernel panic
#ddb.console=1                  # 1=Permit entry of ddb from the console
#fs.posix.setuid=0              # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=0        # 0=Do not encrypt pages that go to swap
#vfs.nfs.iothreads=4            # number of nfsio kernel threads
#net.inet.ip.mtudisc=0          # 0=disable tcp mtu discovery
#kern.usercrypto=0              # 0=disable userland use of /dev/crypto
#kern.splassert=2               # 2=enable with verbose error messages
#machdep.allowaperture=2        # See xf86(4)
#machdep.kbdreset=1             # permit console CTRL-ALT-DEL to do a nice
halt

Some more info.  I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
and built it.  It gives the following error:

# /usr/local/tcpdump/sbin/tcpdump -nttt -i bge0
tcpdump: /dev/bpf10: No such file or directory

When I look in /dev I see bpf0 through bpf9.

Hope this helps.

Thanks,
     Carl

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Carl
Horne
Sent: Wednesday, September 24, 2008 12:13 PM
To: [hidden email]
Subject: Does OpenBSD only allow 19 Interfaces

Hi,

I have put all my eggs in this basket so I am desperate to get this fixed.
This may only be a tcpdump issue.  If I have 19 interfaces tcpdump works as
expected.  If I have 20 or more it fails.

First I try with 20 interfaces setup and I get:
 # tcpdump -nttt -i bge0
 tcpdump: Failed to open bpf device for bge0: No such file or directory

Now I remove one of them:
 # ifconfig gre140 destroy

And now it works:
 # tcpdump -nttt -i bge0
 tcpdump: listening on bge0, link-type EN10MB
 Sep 24 12:00:40.989192 CARPv2-advertise 20: vhid=7 advbase=1 advskew=100
demote=0 [tos 0xc0]
 Sep 24 12:00:41.156206 CARPv2-advertise 36: vhid=1 advbase=1 advskew=20
demote=0 [tos 0x10]

I need to have around 50 total interfaces to complete the project and I need
tcpdump.  Pf still seems to find them for redirects so I am not sure if it's
an OS issue or a tcpdump issue.

Please help,
          Carl

Technical data:
# uname -a
OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:09:3d:11:9b:0d
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 65.44.125.15 netmask 0xffffff00 broadcast 65.44.125.255
        inet6 fe80::209:3dff:fe11:9b0d%bge0 prefixlen 64 scopeid 0x1
bge1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:09:3d:11:9b:0e
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 159.212.73.15 netmask 0xffffff80 broadcast 159.212.73.127
        inet6 fe80::209:3dff:fe11:9b0e%bge1 prefixlen 64 scopeid 0x2
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:23:ae:17:c4
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.63.57 netmask 0xffffff00 broadcast 192.168.63.255
        inet6 fe80::204:23ff:feae:17c4%em0 prefixlen 64 scopeid 0x3
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:23:ae:17:c5
        media: Ethernet autoselect (none)
        status: no carrier
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33192
enc0: flags=0<> mtu 1536
pfsync0: flags=0<> mtu 1460
        pfsync: syncdev: em0 syncpeer: 192.168.63.56 maxupd: 128
        groups: carp pfsync
gre1: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 159.212.48.152
        inet6 fe80::209:3dff:fe11:9b0d%gre1 ->  prefixlen 64 scopeid 0xb
        inet 192.168.0.1 --> 192.168.1.1 netmask 0xffffffff
gre126: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 159.212.48.111
        inet6 fe80::209:3dff:fe11:9b0d%gre126 ->  prefixlen 64 scopeid 0xc
        inet 192.168.0.126 --> 192.168.1.126 netmask 0xffffffff
gre132: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.140.253.251
        inet6 fe80::209:3dff:fe11:9b0d%gre132 ->  prefixlen 64 scopeid 0xf
        inet 192.168.0.132 --> 192.168.1.132 netmask 0xffffffff
gre112: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.192.15.15
        inet6 fe80::209:3dff:fe11:9b0d%gre112 ->  prefixlen 64 scopeid 0x10
        inet 192.168.0.112 --> 192.168.1.112 netmask 0xffffffff
gre146: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 159.212.187.7
        inet6 fe80::209:3dff:fe11:9b0d%gre146 ->  prefixlen 64 scopeid 0x11
        inet 192.168.0.146 --> 192.168.1.146 netmask 0xffffffff
gre110: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.8.7
        inet6 fe80::209:3dff:fe11:9b0d%gre110 ->  prefixlen 64 scopeid 0x17
        inet 192.168.0.110 --> 192.168.1.110 netmask 0xffffffff
gre114: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.16.60
        inet6 fe80::209:3dff:fe11:9b0d%gre114 ->  prefixlen 64 scopeid 0x18
        inet 192.168.0.114 --> 192.168.1.114 netmask 0xffffffff
gre142: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.40.10
        inet6 fe80::209:3dff:fe11:9b0d%gre142 ->  prefixlen 64 scopeid 0x1d
        inet 192.168.0.142 --> 192.168.1.142 netmask 0xffffffff
gre118: flags=b111<UP,POINTOPOINT,PROMISC,LINK0,LINK1,MULTICAST> mtu 1476
        groups: gre
        physical address inet 159.212.73.16 --> 10.108.24.45
        inet6 fe80::209:3dff:fe11:9b0d%gre118 ->  prefixlen 64 scopeid 0x1f
        inet 192.168.0.118 --> 192.168.1.118 netmask 0xffffffff
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        carp: BACKUP carpdev bge0 vhid 1 advbase 1 advskew 200
        groups: carp
        inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x8
        inet 65.44.125.16 netmask 0xffffff00 broadcast 65.44.125.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        carp: BACKUP carpdev bge1 vhid 2 advbase 1 advskew 200
        groups: carp
        inet6 fe80::200:5eff:fe00:102%carp2 prefixlen 64 scopeid 0x9
        inet 159.212.73.16 netmask 0xffffff80 broadcast 159.212.73.127

# cat sysctl.conf
#       $OpenBSD: sysctl.conf,v 1.42 2007/02/15 20:43:33 reyk Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4
packets
#net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4
multicast packets
#net.inet6.ip6.forwarding=1     # 1=Permit forwarding (routing) of IPv6
packets
#net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6
multicast packets
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be
0)
#net.inet.tcp.rfc1323=0         # 0=Disable TCP RFC1323 extensions (for if
tcp
is slow)
#net.inet.tcp.rfc3390=0         # 0=Disable RFC3390 for TCP window increasing
#net.inet.esp.enable=0          # 0=Disable the ESP IPsec protocol
#net.inet.ah.enable=0           # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0        # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1       # 1=Enable the IPCOMP protocol
#net.inet.etherip.allow=1       # 1=Enable the Ethernet-over-IP protocol
#net.inet.tcp.ecn=1             # 1=Enable the TCP ECN extension
net.inet.gre.allow=1
net.inet.gre.wccp=1
net.inet.carp.allow=1
net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
#net.inet.carp.log=1            # 1=Enable logging of carp(4) packets
#ddb.panic=0                    # 0=Do not drop into ddb on a kernel panic
#ddb.console=1                  # 1=Permit entry of ddb from the console
#fs.posix.setuid=0              # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=0        # 0=Do not encrypt pages that go to swap
#vfs.nfs.iothreads=4            # number of nfsio kernel threads
#net.inet.ip.mtudisc=0          # 0=disable tcp mtu discovery
#kern.usercrypto=0              # 0=disable userland use of /dev/crypto
#kern.splassert=2               # 2=enable with verbose error messages
#machdep.allowaperture=2        # See xf86(4)
#machdep.kbdreset=1             # permit console CTRL-ALT-DEL to do a nice
halt

On 2008-09-24, Carl Horne <[hidden email]> wrote:
> I have put all my eggs in this basket so I am desperate to get this fixed.
> This may only be a tcpdump issue.  If I have 19 interfaces tcpdump works as
> expected.  If I have 20 or more it fails.
>
> First I try with 20 interfaces setup and I get:
>  # tcpdump -nttt -i bge0
>  tcpdump: Failed to open bpf device for bge0: No such file or directory

I can't replicate if I just create 30 lo* interfaces and run
tcpdump..  do you have other tcpdump running? how many bpf are
in use? (fstat|grep bpf) - you know they need device nodes in
/dev and by default you get 10?

> I need to have around 50 total interfaces to complete the project and I need
> tcpdump.  Pf still seems to find them for redirects so I am not sure if it's
> an OS issue or a tcpdump issue.

More likely tcpdump/bpf. I think it's highly probable that there
are people here running with many more interfaces (at least vlan)
than that.

> OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64

PF has improved greatly since 4.1, by the way.

Stuart,

Thanks so much.  I am using urlsnarf to log url requests and there is one
instance running for each gre tunnel.  I have a script that auto starts or
stop one as soon as I added or removed a tunnel.  So when I added a tunnel it
would fire up a new instance breaking tcpdump.  Removing the tunnel would kill
an instance fixing tcpdump.  I will have to figure out another way to get that
data.  Thanks for your help.

Carl

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Stuart Henderson
Sent: Wednesday, September 24, 2008 1:55 PM
To: [hidden email]
Subject: Re: Does OpenBSD only allow 19 Interfaces

On 2008-09-24, Carl Horne <[hidden email]> wrote:
> I have put all my eggs in this basket so I am desperate to get this fixed.
> This may only be a tcpdump issue.  If I have 19 interfaces tcpdump works as
> expected.  If I have 20 or more it fails.
>
> First I try with 20 interfaces setup and I get:
>  # tcpdump -nttt -i bge0
>  tcpdump: Failed to open bpf device for bge0: No such file or directory

I can't replicate if I just create 30 lo* interfaces and run
tcpdump..  do you have other tcpdump running? how many bpf are
in use? (fstat|grep bpf) - you know they need device nodes in
/dev and by default you get 10?

> I need to have around 50 total interfaces to complete the project and I
need
> tcpdump.  Pf still seems to find them for redirects so I am not sure if
it's
> an OS issue or a tcpdump issue.

More likely tcpdump/bpf. I think it's highly probable that there
are people here running with many more interfaces (at least vlan)
than that.

> OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64

PF has improved greatly since 4.1, by the way.

Carl Horne wrote:
> Some more info.  I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
> and built it.  It gives the following error:

Carl,

I think you are going down a more dangerous path then you might need to
do here.

You are mixing many things now.

I would start first by running 4.3, or 4.4 if you are up for it and then
do your setup with it.

You are still running 4.1

"OpenBSD xxxx.xxx.xxx 4.1 GENERIC.MP#1152 amd64"

Witch is not supported anymore and you sure would have more chances to
get help if you actually run supported version and also there was so
many changes from that 4.1 version that you would be better serve anyway.

PF got lots of changes, more efficient TCP stack, many changes in VLan,
changes in pflog, etc, etc, etc...

Help yourself and save yourself time by starting with what would help
you first.

Then if you still have issues, you are more likely to get help oppose to
try to address old version.

Very strongly consider this advise, specially if you need to run that
many interfaces, witch looks like might be a more critical piece of your
setup. So, help yourself and use newer version.

Best,

Daniel.

On 2008/09/24 14:12, Carl Horne wrote:
> Stuart,
>
> Thanks so much.  I am using urlsnarf to log url requests and there
> is one instance running for each gre tunnel.  I have a script that
> auto starts or stop one as soon as I added or removed a tunnel.  So
> when I added a tunnel it would fire up a new instance breaking
> tcpdump.  Removing the tunnel would kill an instance fixing tcpdump.
> I will have to figure out another way to get that data.  Thanks for
> your help.

some options to try:

- create new bpf device nodes (using /dev/MAKEDEV), though I'm not
sure what the usable limit is.

- in -current or the forthcoming 4.4 release, you can have PF log
the packets to a pflog interface, and run urlsnarf on that interface.
(a change was committed a few months ago to libnids, used by
dsniff/urlsnarf, to permit capture on a pflog interface). Then you
can e.g. "pass in log (all, to pflog1) to port 80" and run urlsnarf
on pflog1; then you only have one BPF listener. I'm not sure, but
I'd guess that overheads should be lower this way.

(you could also use pflog0 of course, but you might prefer
to split it off so you can continue to log your normal blocked
traffic via pflogd. pflog1 doesn't normally exist, so you would
have to create the interface too; echo up>/etc/hostname.pflog1).

On 2008-09-24, Carl Horne <[hidden email]> wrote:
> Some more info.  I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
> and built it.  It gives the following error:

Take care with non-OpenBSD versions of tcpdump, most (all?) still don't
jail the protocol dissectors into an unprivileged process (note there are
two processes showing in "ps" output with OpenBSD tcpdump, one is in a
chroot jail in /var/empty running as user _tcpdump).

On Wed, Sep 24, 2008 at 01:52:05PM -0600, Carl Horne wrote:
> Some more info.  I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
> and built it.  It gives the following error:

this will likey not work.  openbsd tcpdump is heavily modified from
the upstream.  there are parts of this you will want (pf related)
which are not in the stock tcpdump.  i'd be very suprised if it
is functional at all.

you should really upgrade to a supported version of openbsd,
as others have suggested.

cel

--
Christopher Linn <celinn at mtu.edu>  | By no means shall either the CEC
System Administrator II               | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
    Michigan Technological University | hold to or imply to hold herein.

It was just a quick test.  I did not install it.

Thanks,
    Carl

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of
Stuart Henderson
Sent: Wednesday, September 24, 2008 3:47 PM
To: [hidden email]
Subject: Re: Does OpenBSD only allow 19 Interfaces

On 2008-09-24, Carl Horne <[hidden email]> wrote:
> Some more info.  I downloaded version 3.9.8 of tcpdump from www.tcpdump.org
> and built it.  It gives the following error:

Take care with non-OpenBSD versions of tcpdump, most (all?) still don't
jail the protocol dissectors into an unprivileged process (note there are
two processes showing in "ps" output with OpenBSD tcpdump, one is in a
chroot jail in /var/empty running as user _tcpdump).