# devfs.rules unhide bpf not working



## Beeblebrox (Jan 22, 2013)

I need to unhide bpf in /etc/devfs.rules. The syntax I have placed is not working though. What is the correct entry for "unhide bpf" in the new syntax?

```
[devfsrules_jail=11]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
#add path net unhide
#add path 'net/*' unhide
```
My /etc/jail.conf:

```
allow.mount.devfs;
allow.mount.procfs;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
allow.mount.nullfs;

pxe {
	name = pxe;
	host.hostname = pxe;
	interface = re0;
	ip4.addr = 192.168.2.1/32;
	path = /data/amd64;
	allow.raw_sockets;
	enforce_statfs = 1;
	mount.fstab = /etc/fstab.pxe;
	allow.mount.procfs;
	devfs_ruleset = 11;
}
```
and `# jail -c pxe` gives:

```
No bpf devices.   Please read the README section for your operating system.
.....
exiting.
/etc/rc: WARNING: failed to start dhcpd
```
From inside the jail, `# ls -la /dev` *only* shows:

```
lrwxr-xr-x  1 root  wheel  12 Nov  7 10:59 log -> /var/run/log
-rw-r--r--  1 root  wheel   0 Jan 22 18:07 null
```


----------



## Beeblebrox (Jan 23, 2013)

For testing I edited /etc/defaults/devfs.rules and disabled hide_all:

```
[devfsrules_hide_all=1]
# add hide
```
Then I tried starting the jail again, but got the same result - no bpf.
I'm also wondering if there is any new sysctl setting I should be aware of?
The handbook states the following, but I could not find a relevant devfs entry.


> The Berkeley Packet Filter provides a raw interface to data link layers in a protocol independent fashion. BPF is now controlled by the devfs(8) whether it can be used in a jailed environment.


----------



## bthomson (Mar 17, 2013)

I was having a hard time with this; it might be the same cause for you. It was because I didn't realize devfs doesn't automatically load in changes to /etc/devfs.rules. So I had just added a new ruleset in there for the jail, but the ruleset was not actually loaded into devfs, and hence was not getting applied.

Maybe that's why it did not change anything when you edited /etc/defaults/devfs.rules.


----------



## Beeblebrox (Mar 18, 2013)

I solved this some time back - sorry for not updating the thread with the solution.

As you stated correctly, the source of the problem was that devfs was not mounting when the jail started. I think I had the devfs entry in my fstab.jailname, but I won't swear by it. In any case, the syntax above is incorrect; it should be:

```
mount.devfs;
```
Whereas allow.mount.*; is for allowing mounts from inside the jail (by a user or by a process). Once devfs was mounted, the error cleared.

An additional but separate error is in the IP of the pxe-booting jail:

```
ip4.addr = 192.168.2.1/32
```
This breaks DHCP functionality, since we have denied it a proper broadcast address. The IP was switched to 192.168.2.1/24.


----------
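The two causes discussed in this thread (a jail that sets devfs_ruleset without mount.devfs, and a ruleset number that is missing from the rules file) can be checked before starting the jail. The script below is an added example, not part of any post; `lint_jail_devfs` is a hypothetical helper name and the sample files are constructed from the configuration shown above.

```shell
#!/bin/sh
# Added example (not from the thread): lint a jail.conf against a devfs.rules file.
# Usage: lint_jail_devfs JAIL_CONF DEVFS_RULES; prints one line per finding.
# Simplifications (assumptions): only the boolean form "mount.devfs;" is recognised,
# and parameters outside any jail block are treated as defaults for every jail.
lint_jail_devfs() {
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
    FILENAME == ARGV[1] {                              # rules file: "[name=N]" headers
        if ($0 ~ /^\[.*=[0-9]+\]$/) { n = $0; sub(/^.*=/, "", n); sub(/\]$/, "", n); defined[n] = 1 }
        next
    }
    /^[A-Za-z0-9_.-]+[ \t]*\{/ { jail = $0; sub(/[ \t]*\{.*/, "", jail); order[++count] = jail; next }
    /^\}/ { jail = ""; next }
    /^mount\.devfs[ \t]*;/ { mounts[jail] = 1 }        # allow.mount.devfs does not match
    /^devfs_ruleset[ \t]*=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*;.*$/, "", v); gsub(/"/, "", v)
        ruleset[jail] = v
    }
    END {
        for (i = 1; i <= count; i++) {
            j = order[i]; r = (j in ruleset) ? ruleset[j] : ruleset[""]
            if (r == "") continue                      # jail does not name a ruleset
            if (!(j in mounts) && !("" in mounts))
                print j ": devfs_ruleset=" r " but mount.devfs is not set"
            if (!(r in defined))
                print j ": devfs ruleset " r " is not defined in the rules file"
        }
    }' "$2" "$1"
}

# Constructed sample input modelled on the configuration posted in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/devfs.rules" <<'EOF'
[devfsrules_jail=11]
add include $devfsrules_hide_all
add path 'bpf*' unhide
EOF
cat > "$demo_dir/jail.conf" <<'EOF'
allow.mount.devfs;
pxe {
    path = /data/amd64;
    devfs_ruleset = 11;
}
EOF
lint_jail_devfs "$demo_dir/jail.conf" "$demo_dir/devfs.rules"
rm -rf "$demo_dir"
```

A clean result only says the file-level settings agree; as noted earlier in the thread, edits to /etc/devfs.rules still have to be loaded into devfs before they take effect.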

