freebsd-ports/security/nessus-libraries/files
Peter Pentchev a7a15bac7f Correct the explanations on using the BPF functionality on FreeBSD.
PR:		57813
Submitted by:	maintainer
2003-10-10 06:54:42 +00:00
..
patch-aa Upgrade to 2.0.7. 2003-07-04 20:59:42 +00:00
patch-ab
patch-ac
README.BPF Correct the explanations on using the BPF functionality on FreeBSD. 2003-10-10 06:54:42 +00:00

Nessus uses the pcap library, which uses the berkeley packet filter (bpf)
to do its job.

Since Nessus used multiple processes, several pcap-aware plugins will
need to access the the bpf at the same time. 

This means that you need to recompile your kernel with the following option:

pseudo-device   bpf

If for instance you want to have 10 nessusd running at the same time,
each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
(as nessusd is extremely lightweight, you can expect to have this amount
 of processes running at the same time)

If you plan to scan a whole network, we recommand you create at least
100 of them.

Once your kernel has been rebuilt, get root, cd to /dev
and do:

      ./MAKEDEV bpf+100

For FreeBSD 5.x this is not needed since the devfs creates devices when needed.

If you can not recompile your kernel, you can try to run the configure
script with the option --enable-bpf-sharing. In this case, nessusd will
try to share one /dev/bpf among multiple processes and do the filtering
in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO 
NOT RECOMMAND ENABLING IT.