Re: Execution problem : getinterfaces: Failed to open ethernet in terface (fxp9)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Re: Execution problem : getinterfaces: Failed to open ethernet in terface (fxp9)

Dom Devitto
[ This is all quite OpenBSD-specific, but maybe it'll save someone a few ]
[ hours one day.  Crossposted to [hidden email] for extra karma        ]


Lots of digging later shows that:
a) ifconfig doesn't know about BPF devices, whatever the changelog says.

# ifconfig bpf20 create
ifconfig: SIOCIFCREATE: Invalid argument

b) you don't need to increase the number of BPF devices in the kernel...
   but you MUST manually create the device-files in /dev.
You need a bpf device in /dev for every interface on the system.

It appears that the OpenBSD kernel can dynamically create the bpf devices
internally, but the BPF interface still needs the device-files in order to
work, and the kernel doesn't do that for you. (or maybe trying to use BPF
device-files causes the OpenBSD kernel to dynamically create the BPF

By default, "MAKEDEV all" only creates 10 BPF device-files, but when you've
more than 10 interfaces, bpf(), and consequently nmap, breaks.

Oddly enough, nmap works after doing a "ifconfig interface DELETE", not
DESTROY - why removing IP addresses from interfaces means nmap requires less
BPF devices isn't very clear (to me), as you can obviously still use BPF
with an interface that has no assigned IP4/6 address.  Weird.

Dom De Vitto  CISSP MBCS BSc        Desk: 01962 82 3363 / 716 3363
Security Consultant                 Mobile: 07855 805 271
Operational Security                <mailto:[hidden email]>
-----Original Message-----
From: Michael Coulter [mailto:[hidden email]]
Sent: 09 January 2006 02:10
To: Dom Devitto
Cc: [hidden email]
Subject: Re: Execution problem : getinterfaces: Failed to open ethernet in
terface (fxp9)

On Sat, Jan 07, 2006 at 11:49:48PM -0000, Dom Devitto wrote:

> really means - for 'clean' OpenBSD 3.8 at least:
> "You need more BPF devices, rebuild your kernel, and remake /dev, possibly
> changing MAKEDEV"

since 3.6 the kernel should not need to be rebuilt.


- Make bpf(4) devices clonable.

The contents of this email and any attachments are sent for the personal attention
of the addressee(s) only and may be confidential.  If you are not the intended
addressee, any use, disclosure or copying of this email and any attachments is
unauthorised - please notify the sender by return and delete the message.  Any
representations or commitments expressed in this email are subject to contract.
ntl Group Limited