WebSVN – nexmon – Blame – Rev 1 – /utilities/libpcap/README.macosx

1

office

1

As with other systems using BPF, Mac OS X allows users with read access

2

to the BPF devices to capture packets with libpcap and allows users with

3

write access to the BPF devices to send packets with libpcap.

4

5

On some systems that use BPF, the BPF devices live on the root file

6

system, and the permissions and/or ownership on those devices can be

7

changed to give users other than root permission to read or write those

8

devices.

9

10

On newer versions of FreeBSD, the BPF devices live on devfs, and devfs

11

can be configured to set the permissions and/or ownership of those

12

devices to give users other than root permission to read or write those

13

devices.

14

15

On Mac OS X, the BPF devices live on devfs, but the OS X version of

16

devfs is based on an older (non-default) FreeBSD devfs, and that version

17

of devfs cannot be configured to set the permissions and/or ownership of

18

those devices.

19

20

Therefore, we supply:

21

22

a "startup item" for older versions of Mac OS X;

23

24

a launchd daemon for Tiger and later versions of Mac OS X;

25

26

Both of them will change the ownership of the BPF devices so that the

27

"admin" group owns them, and will change the permission of the BPF

28

devices to rw-rw----, so that all users in the "admin" group - i.e., all

29

users with "Allow user to administer this computer" turned on - have

30

both read and write access to them.

31

32

The startup item is in the ChmodBPF directory in the source tree. A

33

/Library/StartupItems directory should be created if it doesn't already

34

exist, and the ChmodBPF directory should be copied to the

35

/Library/StartupItems directory (copy the entire directory, so that

36

there's a /Library/StartupItems/ChmodBPF directory, containing all the

37

files in the source tree's ChmodBPF directory; don't copy the individual

38

items in that directory to /Library/StartupItems). The ChmodBPF

39

directory, and all files under it, must be owned by root. Installing

40

the files won't immediately cause the startup item to be executed; it

41

will be executed on the next reboot. To change the permissions before

42

the reboot, run

43

44

sudo SystemStarter start ChmodBPF

45

46

The launchd daemon is the chmod_bpf script, plus the

47

org.tcpdump.chmod_bpf.plist launchd plist file. chmod_bpf should be

48

installed in /usr/local/bin/chmod_bpf, and org.tcpdump.chmod_bpf.plist

49

should be installed in /Library/LaunchDaemons. chmod_bpf, and

50

org.tcpdump.chmod_bpf.plist, must be owned by root. Installing the

51

script and plist file won't immediately cause the script to be executed;

52

it will be executed on the next reboot. To change the permissions

53

before the reboot, run

54

55

sudo /usr/local/bin/chmod_bpf

or

sudo launchctl load /Library/LaunchDaemons/org.tcpdump.chmod_bpf.plist

60

61

If you want to give a particular user permission to access the BPF

62

devices, rather than giving all administrative users permission to

63

access them, you can have the ChmodBPF/ChmodBPF script change the

64

ownership of /dev/bpf* without changing the permissions. If you want to

65

give a particular user permission to read and write the BPF devices and

66

give the administrative users permission to read but not write the BPF

67

devices, you can have the script change the owner to that user, the

68

group to "admin", and the permissions to rw-r-----. Other possibilities

69

are left as an exercise for the reader.

70

71

(NOTE: due to a bug in Snow Leopard, if you change the permissions not

72

to grant write permission to everybody who should be allowed to capture

73

traffic, non-root users who cannot open the BPF devices for writing will

74

not be able to capture outgoing packets.)

nexmon – Blame information for rev 1