mscdex / cap

A cross-platform binding for performing packet capturing with node.js
MIT License
361 stars 45 forks

'Cannot open BPF device' error on c.open() #47

Closed carloscuba closed 6 years ago

carloscuba commented 7 years ago

I'm working on an Electron App that broadcasts UDP to find specific devices connected to the network and it is throwing an error on this line:

var linkType = c.open(device, filter, bufSize, buffer);

This is the error on the console: Uncaught Error: (cannot open BPF device) /dev/bpf0: Permission denied

It works fine on my local environment, but when running the App on another Mac it's failing as described. Do I have to grant permissions to the App in order to be able to open the Cap object (c)? I've tried using the sudo-prompt module but it is not working.

mscdex commented 7 years ago

I have no idea, I don't use macos. However, the tests all run fine on macos via Travis.

carloscuba commented 7 years ago

Thanks for your quick reply! Any clues about why this can be happening? When I start the App from the terminal and using sudo it's working fine.


mscdex commented 7 years ago

Most likely a lack of permissions as the error text suggests. On most platforms you have to have special privileges to be able to start capturing packets on most network interfaces.

robsontenorio commented 7 years ago

@mscdex I have a similar problem on LINUX. I have libpcap and libpcap-dev installed.

But at

var linkType = c.open(device, filter, bufSize, buffer);

I got

Error: socket: Operation not permited

Do I need root privileges to be able to start capturing packets on Linux?

mscdex commented 7 years ago

Yes, the best solution is to start as root, start listening for packets, and then drop the privileges of the process using process.setgid() and process.setuid() to something more appropriate, such as the current user and group (or perhaps nobody/nobody). Perform these steps before doing anything else (including require()ing other non-node core modules). This way you can ensure that nothing else in the node process (e.g. third party modules) gets superuser privileges, which is good for security.

This is also a better solution than what you may find elsewhere online which may suggest to use setcap on the node executable which is a huge security issue because the same node executable is used to execute any and all scripts, not just the one using cap (and setcap can't be used on a shell script or limited to a specific node script).
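
The open-as-root-then-drop sequence from the comment above, as an added example that is not part of the original thread or of the cap project. `openThenDropPrivileges`, `targetIdentity`, the `openCapture` callback and the injectable `proc` are hypothetical names; the `setgroups()` call and the SUDO_UID/SUDO_GID lookup are additions beyond the `setgid()`/`setuid()` steps named in the thread.

```javascript
// Added example. `openCapture` is a hypothetical callback that wraps the
// c.open(device, filter, bufSize, buffer) call shown in this thread.
// `proc` defaults to the real process; it is injectable so the ordering
// logic can be exercised without root.

// Choose the unprivileged identity: the sudo caller if known, else `fallback`.
function targetIdentity(env, fallback) {
  const uid = Number.parseInt(env.SUDO_UID, 10);
  const gid = Number.parseInt(env.SUDO_GID, 10);
  if (Number.isInteger(uid) && Number.isInteger(gid) && uid > 0 && gid > 0) {
    return { uid, gid };
  }
  return fallback;
}

function openThenDropPrivileges(openCapture, id, proc = process) {
  if (proc.getuid() !== 0) {
    throw new Error('must start as root to open the capture device');
  }
  if (!id || !(id.uid > 0) || !(id.gid > 0)) {
    throw new Error('refusing to "drop" to root or to an unset identity');
  }

  // 1. Privileged step: open the capture handle while still root.
  const linkType = openCapture();

  // 2. Drop. Groups and gid go first: once setuid() has run, the process
  //    no longer has the right to change them.
  proc.setgroups([id.gid]); // clear root's supplementary groups (addition)
  proc.setgid(id.gid);
  proc.setuid(id.uid);

  // 3. Verify the drop cannot be undone: regaining root must fail.
  let regained = false;
  try {
    proc.setuid(0);
    regained = proc.getuid() === 0;
  } catch (e) { /* expected: EPERM */ }
  if (regained || proc.getuid() !== id.uid || proc.getgid() !== id.gid) {
    throw new Error('privilege drop failed; aborting');
  }
  return linkType;
}

// Usage at the very top of the entry script, before any third-party require():
//   const id = targetIdentity(process.env, { uid: 1000, gid: 1000 }); // constructed ids
//   const linkType = openThenDropPrivileges(() => c.open(device, filter, bufSize, buffer), id);
```

The capture handle opened in step 1 stays usable after the drop, so the rest of the process, including every module loaded afterwards, runs without superuser rights.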

ghost commented 7 years ago

sudo chmod o+r /dev/bpf* should help in reading of Berkeley Packet Filter.