On Tue, Nov 27, 2012 at 10:17 PM, Mike Belopuhov <[email protected]> wrote:
> apparently it works just fine. the number of clones is limited
> by the v_specbitmap which currently allows for 64 clones total
> (per system, not per process).
>
Please clarify: Does it mean 64 cloned bpf devices per system or 64
cloned devices of any type in total? Or would it even allow to use
bpf0 for the first 64 clones, bpf1 for the next 64 and so on?
If running a custom kernel (according to the diff in your next email)
is the only way to increase this limit, I would propose to bump the
default to at least 256. I know of at least a few people who run many
interfaces/VLANs (> 64) and need one bpf per interface.
> apply the diff and see how all your apps are happily using single
> device node: /dev/bpf0.
>
> thanks to pedro and thib for the spec_open_clone and guenther
> for helping out big time.
>
> i'm not 100% sure we want this but why wouldn't we?
> generally speaking we also need to move to a single /dev/bpf
> node, but that can be done, once this diff is tested and we all
> agree that this is a way to go.
>
> so please test and share your thoughts.
>
I want this. Actually I want this for a long time (about 6 years?).
But I cannot judge the fs layer of the implementation.
At least NetBSD, FreeBSD, DragonFlyBSD and Solaris seem to have a
clonable /dev/bpf for a long time now. Going to a single /dev/bpf
shouldn't be a big problem as we can update our in-tree bpf users
easily, most ports including snort/daq seem to use our libpcap, and
other upstream code already checks for a clonable /dev/bpf.
Reyk
>
> diff --git sys/sys/conf.h sys/sys/conf.h
> index b2ee90c..46937fd 100644
> --- sys/sys/conf.h
> +++ sys/sys/conf.h
> @@ -313,7 +313,7 @@ extern struct cdevsw cdevsw[];
> dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
> dev_init(c,n,write), dev_init(c,n,ioctl), (dev_type_stop((*)))
> enodev, \
> 0, dev_init(c,n,poll), (dev_type_mmap((*))) enodev, \
> - 0, 0, dev_init(c,n,kqfilter) }
> + 0, D_CLONE, dev_init(c,n,kqfilter) }
>
> /* open, close, ioctl */
> #define cdev_lkm_init(c,n) { \
