Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'Cannot open BPF device' error on c.open() #47

Closed
carloscuba opened this issue Mar 24, 2017 · 6 comments
Closed

'Cannot open BPF device' error on c.open() #47

carloscuba opened this issue Mar 24, 2017 · 6 comments

Comments

@carloscuba
Copy link

I'm working on an Electron App that broadcasts UDP to find specific devices connected to the network and it is throwing an error on this line:

var linkType = c.open(device, filter, bufSize, buffer);

This is the error on the console: Uncaught Error: (cannot open BPF device) /dev/bpf0: Permission denied

It works fine on my local environment, but when running the App on another Mac it's failing as described. Do I have to grant permissions to the App in order to be able to open the Cap object (c)? I've tried using the sudo-prompt module but it is not working.
@mscdex
Copy link
Owner

mscdex commented Mar 24, 2017
edited
Loading

I have no idea, I don't use macos. However, the tests all run fine on macos via Travis.

@carloscuba
Copy link
Author

Thanks for your quick reply!
Any clues about why this can be happening? When I start the App from the terminal and using sudo it's working fine.

large

@mscdex
Copy link
Owner

mscdex commented Mar 24, 2017

Most likely a lack of permissions as the error text suggests. On most platforms you have to have special privileges to be able to start capturing packets on most network interfaces.

@robsontenorio
Copy link

@mscdex I have a similar problem on LINUX. I have libpcap and libpcap-dev installed.

But at

var linkType = c.open(device, filter, bufSize, buffer);

I got

Error: socket: Operation not permited

Do i need root privilege to able to start capturing packets on linux?

@mscdex
Copy link
Owner

mscdex commented Jul 25, 2017
edited
Loading

Yes, the best solution is to start as root, start listening for packets, and then drop the privileges of the process using process.setgid() and process.setuid() to something more appropriate, such as the current user and group (or perhaps nobody/nobody). Perform these steps before doing anything else (including require()ing other non-node core modules). This way you can ensure that nothing else in the node process (e.g. third party modules) gets superuser privileges, which is good for security.

This is also a better solution than what you may find elsewhere online which may suggest to use setcap on the node executable which is a huge security issue because the same node executable is used to execute any and all scripts, not just the one using cap (and setcap can't be used on a shell script or limited to a specific node script).

@ghost
Copy link

ghost commented Oct 28, 2017

sudo chmod o+r /dev/bpf* should help in reading of Berkley Packet Filter.

@mscdex mscdex closed this as completed Feb 20, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mscdex @robsontenorio @carloscuba