path: root/packaging/macosx/ChmodBPF/ChmodBPF
#! /bin/bash
#
# $Id$

. /etc/rc.common


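StartService ()
{
	#
	# Unfortunately, Mac OS X's devfs is based on the old FreeBSD
	# one, not the current one, so there's no way to configure it
	# to create BPF devices with particular owners or groups. BPF
	# devices on Mac OS X are also non-cloning, that is they can
	# be created on demand at any time. This startup item will
	# pre-create a number of BPF devices, then make them owned by
	# the access_bpf group, with permissions rw-rw----, so that
	# anybody in the access_bpf group can use programs that capture
	# or send raw packets.
	#
	# Change this as appropriate for your site, e.g. to make
	# it owned by a particular user without changing the permissions,
	# so only that user and the super-user can capture or send raw
	# packets, or give it the permissions rw-r-----, so that
	# only the super-user can send raw packets but anybody in the
	# admin group can capture packets.
	#
	# Security notes:
	#  - Membership of access_bpf is a real privilege: group read
	#    allows capturing traffic on the host's interfaces and group
	#    write allows sending raw packets. Keep the group small and
	#    review its membership like any other privileged group.
	#  - "chmod g+rw" only ADDS the group bits; it never removes
	#    owner or other bits. The rw-rw---- result described above
	#    therefore assumes the nodes start out as rw------- (TODO
	#    confirm on the target OS release); use an absolute mode if
	#    the site needs that guaranteed.
	#
	# Returns: 1 if the group change failed (permissions are then left
	# untouched), otherwise the exit status of chmod.
	#

	# Pre-create BPF devices. Set to 0 to disable.
	local FORCE_CREATE_BPF_MAX=256
	local SYSCTL_MAX
	local CUR_DEV

	# Clamp to the kernel limit, but only when sysctl returned a plain
	# non-negative integer. An empty or non-numeric value would make
	# the numeric test below error out, so skip the clamp instead and
	# keep the configured maximum.
	SYSCTL_MAX=$( sysctl -n debug.bpf_maxdevices )
	case "$SYSCTL_MAX" in
		''|*[!0-9]*)
			;;
		*)
			if [ "$FORCE_CREATE_BPF_MAX" -gt "$SYSCTL_MAX" ] ; then
				FORCE_CREATE_BPF_MAX=$SYSCTL_MAX
			fi
			;;
	esac

	syslog -s -l notice "ChmodBPF: Forcing creation and setting permissions for /dev/bpf*"

	CUR_DEV=0
	while [ "$CUR_DEV" -lt "$FORCE_CREATE_BPF_MAX" ] ; do
		# Try to do the minimum necessary to trigger the next device.
		# The braces make the output redirections cover a failed open
		# as well; a redirection written after "<" on the same command
		# is not yet in effect when the open fails.
		{ read -n 0 < "/dev/bpf${CUR_DEV}" ; } > /dev/null 2>&1
		CUR_DEV=$(( CUR_DEV + 1 ))
	done

	# Fail closed: only widen the mode once the nodes really belong to
	# access_bpf. If chgrp fails (for instance because the group does
	# not exist), adding g+rw would hand read/write access to whatever
	# group the nodes currently have.
	if ! chgrp access_bpf /dev/bpf* ; then
		syslog -s -l error "ChmodBPF: chgrp access_bpf failed; leaving /dev/bpf* permissions unchanged"
		return 1
	fi
	chmod g+rw /dev/bpf*
}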

StopService ()
{
	# Nothing to stop or undo here; always report success.
	return 0
}

RestartService ()
{
	# A restart simply runs the start action again; its exit status
	# is passed through to the caller.
	StartService
}

# Hand the first command-line argument to RunService, which is expected
# to come from the /etc/rc.common file sourced at the top of this script.
RunService "${1}"