Merge branch 'master' of https://git.loafle.net/overflow_scanner/app

config/build/mac/ChmodBPF/ChmodBPF

@@ -0,0 +1,40 @@
+#! /bin/bash
+
+#
+# Unfortunately, macOS's devfs is based on the old FreeBSD
+# one, not the current one, so there's no way to configure it
+# to create BPF devices with particular owners or groups. BPF
+# devices on macOS are also non-cloning, that is they can
+# be created on demand at any time. This startup item will
+# pre-create a number of BPF devices, then make them owned by
+# the access_bpf group, with permissions rw-rw----, so that
+# anybody in the access_bpf group can use programs that capture
+# or send raw packets.
+#
+# Change this as appropriate for your site, e.g. to make
+# it owned by a particular user without changing the permissions,
+# so only that user and the super-user can capture or send raw
+# packets, or give it the permissions rw-r-----, so that
+# only the super-user can send raw packets but anybody in the
+# admin group can capture packets.
+#
+
+# Pre-create BPF devices. Set to 0 to disable.
+FORCE_CREATE_BPF_MAX=256
+
+SYSCTL_MAX=$( sysctl -n debug.bpf_maxdevices )
+if [ "$FORCE_CREATE_BPF_MAX" -gt "$SYSCTL_MAX" ] ; then
+	FORCE_CREATE_BPF_MAX=$SYSCTL_MAX
+fi
+
+syslog -s -l notice "ChmodBPF: Forcing creation and setting permissions for /dev/bpf*"
+
+CUR_DEV=0
+while [ "$CUR_DEV" -lt "$FORCE_CREATE_BPF_MAX" ] ; do
+	# Try to do the minimum necessary to trigger the next device.
+	read -n 0 < /dev/bpf$CUR_DEV > /dev/null 2>&1
+	CUR_DEV=$(( $CUR_DEV + 1 ))
+done
+
+chgrp access_bpf /dev/bpf*
+chmod g+rw /dev/bpf*

config/build/mac/ChmodBPF/com.loafle.overflow.scanner.ChmodBPF.plist

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>com.loafle.overflow.scanner.ChmodBPF</string>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>Program</key>
+	<string>/Library/Application Support/overFlow-NetworkScanner/ChmodBPF/ChmodBPF</string>
+</dict>
+</plist>

config/build/mac/pkg/scripts/postinstall

@@ -1,3 +1,21 @@
 #!/bin/sh
 
-exit 0
+
+CHMOD_BPF="/Library/LaunchDaemons/com.loafle.overflow.scanner.ChmodBPF.plist"
+BPF_GROUP="access_bpf"
+BPF_GROUP_NAME="BPF device access ACL"
+
+dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1 || \
+    dseditgroup -q -o create "$BPF_GROUP"
+dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"
+
+cp "/Library/Application Support/overFlow-NetworkScanner/ChmodBPF/com.loafle.overflow.scanner.ChmodBPF.plist" \
+    "$CHMOD_BPF"
+chmod 755 "$CHMOD_BPF"
+chown root:wheel "$CHMOD_BPF"
+
+rm -rf /Library/StartupItems/ChmodBPF
+
+launchctl load "$CHMOD_BPF"
+
+exit 0