Wireshark mailing list archives

Re: Error when trying to run wireshark-chmodbpf 1.0.2

From: Kok-Yong Tan <ktan () realityartisans com>
Date: Thu, 14 Jan 2021 20:59:32 -0500

The wireshark-chmodbpf script stops at /dev/bpf1.

However, there appears to be /dev/bpf0 through /dev/bpf10 in existence when I do a “ls -lu /dev/bpf*” but nothing 
beyond bpf10.

crw-r-----  1 root  access_bpf   23,   0 Jan 14 16:57 /dev/bpf0
crw-r-----  1 root  access_bpf   23,   1 Jan 14 16:57 /dev/bpf1
crw-r-----  1 root  access_bpf   23,  10 Jan 14 16:57 /dev/bpf10
crw-r-----  1 root  access_bpf   23,   2 Jan 14 20:50 /dev/bpf2
crw-r-----  1 root  access_bpf   23,   3 Jan 14 20:50 /dev/bpf3
crw-r-----  1 root  access_bpf   23,   4 Jan 14 20:50 /dev/bpf4
crw-r-----  1 root  access_bpf   23,   5 Jan 14 20:50 /dev/bpf5
crw-r-----  1 root  access_bpf   23,   6 Jan 14 20:50 /dev/bpf6
crw-r-----  1 root  access_bpf   23,   7 Jan 14 20:50 /dev/bpf7
crw-r-----  1 root  access_bpf   23,   8 Jan 14 20:50 /dev/bpf8
crw-r-----  1 root  access_bpf   23,   9 Jan 14 20:50 /dev/bpf9

Also, I’m not running wireshark when I run the wireshark-chmodbpf script using sudo!

On 14 Jan, 2021, at 20:43 , Gerald Combs <gerald () wireshark org> wrote:

Does MacPorts wireshark-chmodbpf the script create /dev/bpf<X> up to /dev/bpf255, or does it stop at /dev/bpf1?

The script appears to be

https://github.com/macports/macports-ports/blob/master/net/wireshark-chmodbpf/files/patch-wireshark-chmodbpf.diff

which in turn appears to be adapted from the ChmodBPF we ship with Wireshark 3.2 and earlier:

https://gitlab.com/wireshark/wireshark/-/blob/master-3.2/packaging/macosx/ChmodBPF/root/Library/Application%20Support/Wireshark/ChmodBPF/ChmodBPF

I can replicate the "Resource busy" message here by running Wireshark, leaving the welcome screen up and attempting 
to read from /dev/bpf0:

----
$ read -n 0 < /dev/bpf0 > /dev/null 2>&1
bash: /dev/bpf0: Resource busy
----

However, that's just a result of Wireshark updating the interface sparklines via `dumpcap -S`, which has the first 
few /dev/bpf<X> devices open. It shouldn't keep wireshark-chmodbpf from creating all of the desired /dev/bpf<X> 
devices. If it does, then that's definitely a bug.

On 1/14/21 3:03 PM, Kok-Yong Tan wrote:

It’s a MacBook Pro running macOS 10.14.6.  I just upgraded Wireshark3 by rebuilding it using MacPorts.  Previously, 
just manually entering the “sudo chgrp…” and “sudo chmod…” Unix commands used to work fine.  Now it’s not.

On 14 Jan, 2021, at 09:48 , Jaap Keuter <jaap.keuter () xs4all nl <mailto:jaap.keuter () xs4all nl>> wrote:

Hi,

It would probably help if you listed what your system is and what you were doing before.

Thanks,
Jaap

On 14 Jan 2021, at 01:18, Kok-Yong Tan <ktan () realityartisans com <mailto:ktan () realityartisans com>> wrote:

sudo wireshark-chmodbpf
/opt/local/sbin/wireshark-chmodbpf: line 35: /dev/bpf0: Resource busy
/opt/local/sbin/wireshark-chmodbpf: line 35: /dev/bpf1: Resource busy

Does anybody know how to fix the above?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark 
org>>
Archives: https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
<https://www.wireshark.org/mailman/options/wireshark-users>
mailto:wireshark-users-request () wireshark org?subject=unsubscribe <mailto:wireshark-users-request () wireshark 
org?subject=unsubscribe>


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark 
org>>
Archives: https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
<https://www.wireshark.org/mailman/options/wireshark-users>
mailto:wireshark-users-request () wireshark org?subject=unsubscribe <mailto:wireshark-users-request () wireshark 
org?subject=unsubscribe>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Attachment: signature.asc
Description: Message signed with OpenPGP

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Error when trying to run wireshark-chmodbpf 1.0.2 Kok-Yong Tan (Jan 13)
- Re: Error when trying to run wireshark-chmodbpf 1.0.2 Jaap Keuter (Jan 14)
  - Re: Error when trying to run wireshark-chmodbpf 1.0.2 Kok-Yong Tan (Jan 14)
    - Re: Error when trying to run wireshark-chmodbpf 1.0.2 Gerald Combs (Jan 14)
    - Re: Error when trying to run wireshark-chmodbpf 1.0.2 Gerald Combs (Jan 14)
    - Re: Error when trying to run wireshark-chmodbpf 1.0.2 Kok-Yong Tan (Jan 14)
    - Re: Error when trying to run wireshark-chmodbpf 1.0.2 Guy Harris (Jan 14)
    - Re: Error when trying to run wireshark-chmodbpf 1.0.2 Guy Harris (Jan 14)