Add an OS X startup item to set the permissions and/or ownership of the
BPF devices, and add a README.macosx file to explain how to install and
use that startup item.
diff --git a/ChmodBPF/ChmodBPF b/ChmodBPF/ChmodBPF
new file mode 100755
index 0000000..ee37121
--- /dev/null
+++ b/ChmodBPF/ChmodBPF
@@ -0,0 +1,33 @@
+#! /bin/sh
+
+. /etc/rc.common
+
+StartService ()
+{
+ #
+ # Unfortunately, Mac OS X's devfs is based on the old FreeBSD
+ # one, not the current one, so there's no way to configure it
+ # to create BPF devices with particular owners or groups.
+ # This startup item will make it owned by the admin group,
+ # with permissions rw-rw----, so that anybody in the admin
+ # group can use programs that capture or send raw packets.
+ #
+ # Change this as appropriate for your site, e.g. to make
+ # it owned by a particular user without changing the permissions,
+ # so only that user and the super-user can capture or send raw
+ # packets, or give it the permissions rw-r-----, so that
+ # only the super-user can send raw packets but anybody in the
+ # admin group can capture packets.
+ #
+ chgrp admin /dev/bpf*
+ chmod g+rw /dev/bpf*
+}
+
+StopService ()
+{
+ return 0;
+}
+
+RestartService () { StartService; }
+
+RunService "$1"
diff --git a/ChmodBPF/StartupParameters.plist b/ChmodBPF/StartupParameters.plist
new file mode 100644
index 0000000..545e2a6
--- /dev/null
+++ b/ChmodBPF/StartupParameters.plist
@@ -0,0 +1,4 @@
+{
+ Description = "Change BPF permissions";
+ Provides = ("Non-root permission to capture or send raw packets");
+}
diff --git a/FILES b/FILES
index 0ba6919..95a4505 100644
--- a/FILES
+++ b/FILES
@@ -1,4 +1,6 @@
CHANGES
+ChmodBPF/ChmodBPF
+ChmodBPF/StartupParameters.plist
CREDITS
FILES
INSTALL.txt
@@ -9,6 +11,7 @@
README.dag
README.hpux
README.linux
+README.macosx
README.tru64
README.Win32
SUNOS4/nit_if.o.sparc
diff --git a/INSTALL.txt b/INSTALL.txt
index f54d30c..3a2d2ad 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,4 +1,4 @@
-@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.10 2004-04-05 22:43:50 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.11 2004-10-18 09:51:02 guy Exp $ (LBL)
To build libpcap, run "./configure" (a shell script). The configure
script will determine your system attributes and generate an
@@ -295,6 +295,8 @@
FILES
-----
CHANGES - description of differences between releases
+ChmodBPF/* - Mac OS X startup item to set ownership and permissions
+ on /dev/bpf*
CREDITS - people that have helped libpcap along
FILES - list of files exported as part of the distribution
INSTALL.txt - this file
@@ -305,6 +307,7 @@
README.dag - notes on using libpcap to capture on Endace DAG devices
README.hpux - notes on using libpcap on HP-UX
README.linux - notes on using libpcap on Linux
+README.macosx - notes on using libpcap on Mac OS X
README.tru64 - notes on using libpcap on Digital/Tru64 UNIX
README.Win32 - notes on using libpcap on Win32 systems (with WinPcap)
SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules
diff --git a/README.macosx b/README.macosx
new file mode 100644
index 0000000..25794d8
--- /dev/null
+++ b/README.macosx
@@ -0,0 +1,43 @@
+As with other systems using BPF, Mac OS X allows users with read access
+to the BPF devices to capture packets with libpcap and allows users with
+write access to the BPF devices to send packets with libpcap.
+
+On some systems that use BPF, the BPF devices live on the root file
+system, and the permissions and/or ownership on those devices can be
+changed to give users other than root permission to read or write those
+devices.
+
+On newer versions of FreeBSD, the BPF devices live on devfs, and devfs
+can be configured to set the permissions and/or ownership of those
+devices to give users other than root permission to read or write those
+devices.
+
+On Mac OS X, the BPF devices live on devfs, but the OS X version of
+devfs is based on an older (non-default) FreeBSD devfs, and that version
+of devfs cannot be configured to set the permissions and/or ownership of
+those devices.
+
+Therefore, we supply a "startup item" for OS X that will change the
+ownership of the BPF devices so that the "admin" group owns them, and
+will change the permission of the BPF devices to rw-rw----, so that all
+users in the "admin" group - i.e., all users with "Allow user to
+administer this computer" turned on - have both read and write access to
+them.
+
+The startup item is in the ChmodBPF directory in the source tree. A
+/Library/StartupItems directory should be created if it doesn't already
+exist, and the ChmodBPF directory should be copied to the
+/Library/StartupItems directory (copy the entire directory, so that
+there's a /Library/StartupItems/ChmodBPF directory, containing all the
+files in the source tree's ChmodBPF directory; don't copy the individual
+items in that directory to /Library/StartupItems).
+
+If you want to give a particular user permission to access the BPF
+devices, rather than giving all administrative users permission to
+access them, you can have the ChmodBPF/ChmodBPF script change the
+ownership of /dev/bpf* without changing the permissions. If you want to
+give a particular user permission to read and write the BPF devices and
+give the administrative users permission to read but not write the BPF
+devices, you can have the script change the owner to that user, the
+group to "admin", and the permissions to rw-r-----. Other possibilities
+are left as an exercise for the reader.
