Attachment #35911 for bug #57813

View | Details | Raw Unified | Return to bug 57813 | Differences between
Collapse All | Expand All




Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
to do its job.

Since Nessus used multiple processes, several pcap-aware plugins will
need to access the the bpf at the same time. 

This means that you need to recompile your kernel with the following option:
following option :

pseudo-device   bpf
pseudo-device   bpfilter

For FreeBSD 4.x:
pseudo-device   bpfilter NUM

Where 'NUM' is the number of bpf you want -- it should be equal to
the 'max hosts number' option you enter in nessusd x the
'max plugins' option.
	   
If for instance you want to have 10 nessusd running at the same time,
each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
(as nessusd is extremely lightweight, you can expect to have this amount

100 of them.

Once your kernel has been rebuilt, get root, cd to /dev
and do:

  i=0; while [ $i -lt 100];
  do
  ./MAKEDEV bpf$i
  let i=$i+1
  done

On FreeBSD, you can directly do :
      ./MAKEDEV bpf+100

For FreeBSD 5.x this is not needed since the devfs creates devices when needed.

If you can not recompile your kernel, you can try to run the configure
script with the option --enable-bpf-sharing. In this case, nessusd will

Return to bug 57813

Lines 1-22 Link Here

(-)nessus-libraries/files/README.BPF (-22 / +6 lines)
1	Nessus uses the pcap library, which uses the	1	Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
2	berkeley packet filter (bpf) to do its job.	2	to do its job.
3		3
4	Since Nessus used multiple processes, several pcap-aware plugins will	4	Since Nessus used multiple processes, several pcap-aware plugins will
5	need to access the the bpf at the same time.	5	need to access the the bpf at the same time.
6		6
7	This means that you need to recompile your kernel with the	7	This means that you need to recompile your kernel with the following option:
8	following option :
9		8
10	For FreeBSD 5.x:	9	pseudo-device bpf
11	pseudo-device bpfilter
12		10
13	For FreeBSD 4.x:
14	pseudo-device bpfilter NUM
15
16	Where 'NUM' is the number of bpf you want -- it should be equal to
17	the 'max hosts number' option you enter in nessusd x the
18	'max plugins' option.
19
20	If for instance you want to have 10 nessusd running at the same time,	11	If for instance you want to have 10 nessusd running at the same time,
21	each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs	12	each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
22	(as nessusd is extremely lightweight, you can expect to have this amount	13	(as nessusd is extremely lightweight, you can expect to have this amount
Lines 26-43 Link Here
26	100 of them.	17	100 of them.
27		18
28	Once your kernel has been rebuilt, get root, cd to /dev	19	Once your kernel has been rebuilt, get root, cd to /dev
29	and do :	20	and do:
30
31	i=0; while [ $i -lt 100];
32	do
33	./MAKEDEV bpf$i
34	let i=$i+1
35	done
36		21
37	On FreeBSD, you can directly do :
38	./MAKEDEV bpf+100	22	./MAKEDEV bpf+100
39		23
40	(For FreeBSD 5.x this is not needed since the devfs creates devices when needed)	24	For FreeBSD 5.x this is not needed since the devfs creates devices when needed.
41		25
42	If you can not recompile your kernel, you can try to run the configure	26	If you can not recompile your kernel, you can try to run the configure
43	script with the option --enable-bpf-sharing. In this case, nessusd will	27	script with the option --enable-bpf-sharing. In this case, nessusd will