Nmap Development mailing list archives

RE: Execution problem : getinterfaces: Failed to open ethernet interface (fxp9)


From: Dom Devitto <Dom.Devitto () ntl com>
Date: Mon, 9 Jan 2006 22:40:25 -0000

[ This is all quite OpenBSD-specific, but maybe it'll save someone a few ]
[ hours one day.  Crossposted to misc () openbsd org for extra karma        ]

Hmmm,

Lots of digging later shows that:
a) ifconfig doesn't know about BPF devices, whatever the changelog says.

e.g.
# ifconfig bpf20 create
ifconfig: SIOCIFCREATE: Invalid argument

b) you don't need to increase the number of BPF devices in the kernel... 
   but you MUST manually create the device-files in /dev.
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ergo:
You need a bpf device in /dev for every interface on the system.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It appears that the OpenBSD kernel can dynamically create the bpf devices
internally, but the BPF interface still needs the device-files in order to
work, and the kernel doesn't do that for you. (or maybe trying to use BPF
device-files causes the OpenBSD kernel to dynamically create the BPF
pseudo-device)

By default, "MAKEDEV all" only creates 10 BPF device-files, but when you've
more than 10 interfaces, bpf(), and consequently nmap, breaks.

Oddly enough, nmap works after doing a "ifconfig interface DELETE", not
DESTROY - why removing IP addresses from interfaces means nmap requires less
BPF devices isn't very clear (to me), as you can obviously still use BPF
with an interface that has no assigned IP4/6 address.  Weird.


Dom
Dom De Vitto  CISSP MBCS BSc        Desk: 01962 82 3363 / 716 3363
Security Consultant                 Mobile: 07855 805 271
Operational Security                <mailto:Dom.DeVitto () ntl com>
-----Original Message-----
From: Michael Coulter [mailto:mjc () bitz ca] 
Sent: 09 January 2006 02:10
To: Dom Devitto
Cc: nmap-dev () insecure org
Subject: Re: Execution problem : getinterfaces: Failed to open ethernet interface (fxp9)

On Sat, Jan 07, 2006 at 11:49:48PM -0000, Dom Devitto wrote:

really means - for 'clean' OpenBSD 3.8 at least:

"You need more BPF devices, rebuild your kernel, and remake /dev, possibly
changing MAKEDEV"

since 3.6 the kernel should not need to be rebuilt.

from http://www.openbsd.org/plus36.html

- Make bpf(4) devices clonable.
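
A quick check for the condition described in the message above (one bpf device file in /dev per interface), added here as an example and not part of the original thread. The function names are hypothetical and the sample `ifconfig -a` text is constructed; creating any missing nodes (for example with MAKEDEV) is left to the administrator.

```shell
#!/bin/sh
# Added example, not from the thread: compare the number of interfaces
# with the bpf device files present, per the rule stated in the message.

# Constructed sample of `ifconfig -a` output (three interfaces).
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
fxp9: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500'

# Read `ifconfig -a` output on stdin and print the number of interfaces.
# Only unindented "name: flags=" lines start an interface block.
count_interfaces() {
    awk '/^[A-Za-z][A-Za-z0-9_]*: flags=/ { n++ } END { print n + 0 }'
}

# list_missing_bpf DEVDIR WANTED
# Print each of bpf0 .. bpf(WANTED-1) that does not exist in DEVDIR.
list_missing_bpf() {
    devdir=$1
    wanted=$2
    i=0
    while [ "$i" -lt "$wanted" ]; do
        [ -e "$devdir/bpf$i" ] || echo "bpf$i"
        i=$((i + 1))
    done
}

# check_bpf DEVDIR  (reads `ifconfig -a` output on stdin)
# Returns 0 when DEVDIR holds a bpf node per interface, 1 otherwise.
check_bpf() {
    wanted=$(count_interfaces)
    missing=$(list_missing_bpf "$1" "$wanted")
    if [ -n "$missing" ]; then
        # $missing is left unquoted on purpose to join the names on one line
        echo "interfaces: $wanted; missing in $1:" $missing
        return 1
    fi
    echo "interfaces: $wanted; $1 has a bpf node for each"
}

# On a live system: sh thisfile --live
[ "${1:-}" = "--live" ] && ifconfig -a | check_bpf /dev
```
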

