Diffstat (limited to 'packaging')
-rwxr-xr-x | packaging/macosx/ChmodBPF/ChmodBPF | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/packaging/macosx/ChmodBPF/ChmodBPF b/packaging/macosx/ChmodBPF/ChmodBPF index e89b587d67..3c1bc7fb73 100755 --- a/packaging/macosx/ChmodBPF/ChmodBPF +++ b/packaging/macosx/ChmodBPF/ChmodBPF @@ -1,18 +1,22 @@ -#! /bin/sh +#! /bin/bash # # $Id$ . /etc/rc.common + StartService () { # # Unfortunately, Mac OS X's devfs is based on the old FreeBSD # one, not the current one, so there's no way to configure it - # to create BPF devices with particular owners or groups. - # This startup item will make it owned by the admin group, - # with permissions rw-rw----, so that anybody in the admin - # group can use programs that capture or send raw packets. + # to create BPF devices with particular owners or groups. BPF + # devices on Mac OS X are also non-cloning, that is they can + # be created on demand at any time. This startup item will + # pre-create a number of BPF devices, then make them owned by + # the access_bpf group, with permissions rw-rw----, so that + # anybody in the access_bpf group can use programs that capture + # or send raw packets. # # Change this as appropriate for your site, e.g. to make # it owned by a particular user without changing the permissions, @@ -21,6 +25,24 @@ StartService () # only the super-user can send raw packets but anybody in the # admin group can capture packets. # + + # Pre-create BPF devices. Set to 0 to disable. + FORCE_CREATE_BPF_MAX=256 + + SYSCTL_MAX=$( sysctl -n debug.bpf_maxdevices ) + if [ "$FORCE_CREATE_BPF_MAX" -gt "$SYSCTL_MAX" ] ; then + FORCE_CREATE_BPF_MAX=$SYSCTL_MAX + fi + + syslog -s -l notice "ChmodBPF: Forcing creation and setting permissions for /dev/bpf*" + + CUR_DEV=0 + while [ "$CUR_DEV" -lt "$FORCE_CREATE_BPF_MAX" ] ; do + # Try to do the minimum necessary to trigger the next device. + read -n 0 < /dev/bpf$CUR_DEV > /dev/null 2>&1 + CUR_DEV=$(( $CUR_DEV + 1 )) + done + chgrp access_bpf /dev/bpf* chmod g+rw /dev/bpf* } |
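Review bot: The shebang change from `/bin/sh` to `/bin/bash` on the first line of the file carries no explanation. The only visible reason for it is the `read -n 0` call added in the second hunk, since `-n` is not a POSIX `read` option. A one-line comment under the shebang, such as `# bash is required: the BPF pre-creation loop below uses 'read -n'`, would stop a later cleanup from reverting it and silently disabling device pre-creation.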
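Review bot: `SYSCTL_MAX` goes into the `-gt` test without any check that `sysctl -n debug.bpf_maxdevices` succeeded and printed a number; if it is empty or non-numeric the test errors, the cap is skipped, and the loop probes all 256 nodes with every failure hidden by `> /dev/null 2>&1`. A guard before the comparison, such as `case "$SYSCTL_MAX" in ''|*[!0-9]*) SYSCTL_MAX=$FORCE_CREATE_BPF_MAX ;; esac`, makes that path explicit. Separately, the unchanged `chgrp`/`chmod` pair at the end of the hunk now applies to every pre-created node, and `chmod g+rw` still runs when `chgrp access_bpf` fails (for example if the group does not exist), which would give read/write on the capture devices to whatever group already owns them; `chgrp access_bpf /dev/bpf* && chmod g+rw /dev/bpf*` avoids that. The syslog notice is also emitted when `FORCE_CREATE_BPF_MAX` is set to 0, although nothing is created in that case. The body of StartService begins before this hunk.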