*BSD News Article 88404


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!nntp.coast.net!newsfeed.dacom.co.kr!arclight.uoregon.edu!news.bc.net!unixg.ubc.ca!van-bc!n1van.istar!van.istar!west.istar!ott.istar!istar.net!news.nstn.ca!coranto.ucs.mun.ca!news1.bellglobal.com!sympatico.ca!not-for-mail
From: gbuchanan@localhost.on.sympatico.ca (Gardner Buchanan)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: tcpdump of ppp?
Date: 3 Feb 1997 23:42:36 GMT
Organization: Sympatico
Lines: 40
Message-ID: <5d5t5c$m22$1@news1.sympatico.ca>
References: <5d4uuf$113@chronicle.concentric.net>
Reply-To: gbuchanan@sympatico.ca
NNTP-Posting-Host: ppp1872.on.sympatico.ca
X-Newsreader: knews 0.9.3
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:35079

In article <5d4uuf$113@chronicle.concentric.net>,
	Slater@cris.com (Rick Slater) writes:

>The ppp documentation claims that one can use tcpdump with it,
>but when I point tcpdump at /dev/tun it comes up with the error
>message "/dev/bpf improperly configured" and then exits.
>
>The man pages say very little about /dev/bpf - a device which was
>installed by the Walnut Creek cdrom distribution of FreeBSD 2.1.0.
>
>If anyone could suggest either a remedy or documentation to read,
>I'd very much appreciate it.
>

You need to configure the bpfilter device in your kernel.
Look in /usr/src/sys/i386/conf/LINT...

#  The `bpfilter' pseudo-device enables the Berkeley Packet Filter.  Be
#  aware of the legal and administrative consequences of enabling this
#  option.  The number of devices determines the maximum number of
#  simultaneous BPF clients programs runnable.
#
pseudo-device   bpfilter        4       #Berkeley packet filter

This pseudo device is not compiled into the generic kernel.
Read the handbook pages on building a kernel.  It is easy.
While you're in there, add:

# KTRACE enables the system-call tracing facility ktrace(2).
# 
options         KTRACE                  #kernel tracing

You will thank me later.

The man pages on bpf(4), pcap(3) and tcpdump(1) will be of help also.

============================================
Gardner Buchanan    <gbuchanan@sympatico.ca>
Ottawa, ON