Contributed by Dengue on from the nessus'ing dept.
"I'm using OpenBSD as audit platform. When doing larger Nessus scans the system quickly runs low on available bpf devices. If you are running Nessus yourself consult the "/usr/local/var/nessus/logs/nessusd.dump" logfile to check if there's any line with pcap.c complaining about "No free bpf".My solution was to make a kernel with support for more bpf devices. I altered the config to:
pseudo-device bpfilter 50and ran this perl script creating the devices:#!/usr/bin/perl # Asume user being root/wheel and umask being 022 for ($i=11;$i <49;$i++) { system("mknod bpf$i c 23 $i"); system("chmod o-r,g-r bpf$i");} }Of course there's no guarantee Nessus won't run low again. Nessus should be configured to run the scans with a parallelism low enough to keep it from running low on bpf's.Is this the proper way to do this?
Regards, Tom" 49;$i++)>
(Comments are closed)
By don't ask! () on
By Dave Diehl () dave@chezmou.org on mailto:dave@chezmou.org
By Brad Smith () brad@comstyle.com on mailto:brad@comstyle.com
This requires 3.0 and up.
root@ss5# config -ef /bsd
OpenBSD 3.0-current (GENERIC_SCSI3) #0: Sun Jan 20 20:13:31 EST 2002
brad@ss5:/usr/src/src/sys/arch/sparc/compile/GENERIC_SCSI3
Enter 'help' for information
ukc> change bpf
132 bpfilter count 8 (pseudo device)
change [n] y
count [8] ? 12
132 bpfilter changed
132 bpfilter count 12 (pseudo device)
ukc> quit
Saving modified kernel.
Then reboot and add the device files.
By Andy () on
By John Benninghoff () john.benninghoff@rbcdain.com on mailto:john.benninghoff@rbcdain.com
Since I run nessus from a fairly fast system, I boosted the max threads to 64. To support this in the kernel, I increased the number of bpfs to 128. Since each thread shouldn't ever use more than one bpf, this is more than enough.
However, I also found that nessus uses one pseudo-terminal per thread when running nmap, so I also needed to increase the pty count (to 128).
To create the devices, I just added the following to the MAKEDEV shell script, just before all):
nessus)
sh $this bpf10 bpf11 bpf12 bpf13 bpf14 bpf15 bpf16 bpf17 bpf18 bpf19
sh $this bpf20 bpf21 bpf22 bpf23 bpf24 bpf25 bpf26 bpf27 bpf28 bpf29
sh $this pty2 pty3 pty4
;;
Just ./MAKEDEV nessus to create all the needed devices.