On Jan 14, 2021, at 5:59 PM, Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx> wrote:
> The wireshark-chmodbpf script stops at /dev/bpf1.
How do you know that it stops at /dev/bpf1?
The *messages* stop at /dev/bpf1, but those are *not* progress messages, those are error messages from the shell.
The script does *not* print a message for every single BPF device it tries to create (by opening it), so if it *succeeds* in opening, for example, /dev/bpf2, it will *not* print anything about /dev/bpf2, so the fact that it only prints messages about /dev/bpf0 and /dev/bpf1 doesn't mean it stops at /dev/bpf1.
In fact...
> However, there appears to be /dev/bpf0 through /dev/bpf10 in existence when I do a “ls -lu /dev/bpf*” but nothing beyond bpf10.
>
> crw-r----- 1 root access_bpf 23, 0 Jan 14 16:57 /dev/bpf0
> crw-r----- 1 root access_bpf 23, 1 Jan 14 16:57 /dev/bpf1
> crw-r----- 1 root access_bpf 23, 10 Jan 14 16:57 /dev/bpf10
> crw-r----- 1 root access_bpf 23, 2 Jan 14 20:50 /dev/bpf2
> crw-r----- 1 root access_bpf 23, 3 Jan 14 20:50 /dev/bpf3
> crw-r----- 1 root access_bpf 23, 4 Jan 14 20:50 /dev/bpf4
> crw-r----- 1 root access_bpf 23, 5 Jan 14 20:50 /dev/bpf5
> crw-r----- 1 root access_bpf 23, 6 Jan 14 20:50 /dev/bpf6
> crw-r----- 1 root access_bpf 23, 7 Jan 14 20:50 /dev/bpf7
> crw-r----- 1 root access_bpf 23, 8 Jan 14 20:50 /dev/bpf8
> crw-r----- 1 root access_bpf 23, 9 Jan 14 20:50 /dev/bpf9
...the existence of those devices, and the fact that they're all owned by the access_bpf group, indicates that it did *not* stop at /dev/bpf1!