More then 32 bfp devices on Freebsd 5.4-RELEASE-p7

Mon Oct 17 22:21:25 PDT 2005

On Mon, Oct 17, 2005 at 02:11:17PM +0100, Peter Wood wrote:
> Good Afternoon,
> 
> I'm now working at a large UK university in their network support 
> department, as such one of my duties is to monitor the residences 
> network. To this end I have a cloned nic for every vlan that we have on 
> resnet. It roughly comes to over 50 vlans, and FreeBSD its self copes 
> very nicely.
> 
> However I've run into a small problem when using nmap (and a tiny one in 
> Ethereal). Unless you specify the source address and source interface 
> for scans nmap will open every network device with bpf. The problem 
> comes when it hits the 33rd interface to open, nmap exits.
> 
> [eclair:~]# nmap -P0 -p 1-65535 -sS 10.34.96.168
> Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-17 14:03 BST
> getinterfaces: Failed to open ethernet interface (resnet737)
> QUITTING!
> 
> If I truss I get the following:
> 
> open("/dev/bpf29",0x1,01002230274)               ERR#16 'Device busy'
> open("/dev/bpf30",0x1,01002230274)               ERR#16 'Device busy'
> open("/dev/bpf31",0x1,01002230274)               ERR#16 'Device busy'
> write(2,0xbfbfab40,60)                               = 60 (0x3c)
> getinterfaces: Failed to open ethernet interface (resnet737)
> 
> So the question is, how can I allow more then 32 bpf devices, in the old 
> 4.X series I'd have just tagged a number on the end of the kernel line.

This is an obvious regression in nmap 3.93, which wasn't there before.
Here's the relevant part of eth-bsd.c found in nmap-3.93/libdnet-stripped/src:

                for (i = 0; i < 32; i++) {
                        snprintf(file, sizeof(file), "/dev/bpf%d", i);
                        e->fd = open(file, O_WRONLY);
                        if (e->fd != -1 || errno != EBUSY)
                                break;
                }

-- 
Yar