# How to get more than one bpf device?



## vincepoy (Feb 4, 2010)

Greetings everyone:

I was wondering what's the correct way to get more than one bpf device like what if I needed 3?  the kernel config notes file in src/sys/conf/CONF only states:


```
#  The `bpf' device enables the Berkeley Packet Filter.  Be
#  aware of the legal and administrative consequences of enabling this   
#  option.  The number of devices determines the maximum number of
#  simultaneous BPF clients programs runnable.  DHCP requires bpf.
device          bpf
```

which I assumes creates one bpf device, do I simply change it to:

device          bpf 3


----------



## DutchDaemon (Feb 4, 2010)

Haven't seen that used in ages, but it might still work. There's always devfs(5) or even mknod(8).


----------



## vincepoy (Feb 4, 2010)

I mean the thing is that device bpf is part of the GENERIC kernel but I wonder is that limited to one bpf device.  I'm already using devfs(5) and bpf* is listed as follows:

```
root@bigbang [3][/home/vince] >> dir /dev/bpf*
crw-------  1 root  wheel  -   0,  12 Feb  3 14:12 /dev/bpf
lrwxr-xr-x  1 root  wheel  -        3 Feb  3 14:12 /dev/bpf0 -> bpf
```

NOTES in the kernel config file seems as noted in my original post above seems to indicate "The number of devices determines the maximum number of simultaneous BPF clients programs runnable." so I wonder do you have to specify the maximum number of bpf devices or is the number of devices based on the number of physical devices available?


----------



## vincepoy (Feb 6, 2010)

Just tried putting:


```
device          bpf 4            # Berkeley packet filter
```

in the kernel config but when I tried a buildkernel, it gives a syntax error so it seems like "device bpf" is all that is allowed in the config.  Not sure if mknod is even needed as /dev/bpf0 is a symlink to /dev/bpf so probably a symlink for /dev/bpf1 going to bpf would work also, thought everything in /dev was supposed to be automatically created?


----------



## smarty (Feb 11, 2010)

I'm sure mine's not the best solution, but it works for what I'm doing.

Add the following to /etc/devfs.conf and reboot


```
own     bpf0    root:capture
perm    bpf0    0640
own     bpf1    root:capture
perm    bpf1    0640
own     bpf2    root:capture
perm    bpf2    0640
```
...


----------



## mdhughes (Feb 12, 2010)

I used the /etc/devfs.rules file to set the group to bpf and unhide the files on reboot.

```
[localrules=10]
add path 'bpf0' unhide mode 0640 group bpf
add path 'bpf1' unhide mode 0640 group bpf
```


----------



## vincepoy (Feb 12, 2010)

I don't have a problem creating the devices in /dev but how do I get the system to use anything past bpf0 as with the trafshow port, it seems to ask me to pick a interface rather than allowing it to monitor all network interfaces as mentioned in the manpage.


----------



## smarty (Feb 12, 2010)

mdhughes said:
			
		

> I used the /etc/devfs.rules file to set the group to bpf and unhide the files on reboot.
> 
> ```
> [localrules=10]
> ...



I like that.  I am using bpf* instead.


----------



## t4z3v4r3d (Sep 4, 2010)

Hello there.
I want to install nessus scanner on my BSD box , but the device /dev/bpf* is not enough!
and nessus installer says : more than 40 device(s) is needed !? how can i make device (mknod) when i don't know the major value for /dev/bpf* , and what is the best solution ?

I'm Using FreeBSD 8.1 stable .... 
No idea ?

Thanks all


----------

