OpenVAS Change Request #5: Remove BPF sharing feature

Status: Voted +4. Implemented with SVN 728. Released with openvas-libraries 1.0.1.

Purpose

To reduce code base.

To avoid potential stability problem with a feature marked as highly experimental.

References

Discussion on openvas-devel mailing list.

Rationale

This feature was marked as highly experimental already in the old Nessus times. According to the documentation the feature is only relevant for BSD platforms where a specific kernel option is not set and can not be modified.

Additionally, Flawfinder alerts about potential serious problems that appear to not be solvable easily.

Apart from this, there seem to be no OpenVAS users that use the feature (i.e., configure with option --enable-bpf-sharing).

Effects

• It will not be possible anymore to compile with option --enable-bpf-sharing.
• According to the documentation inherited from Nessus it might thus be problematic to run pcap-aware plugins on BSD systems in case the kernel is or can not compiled with option "pseudo-device bpfilter NUM".

Design and Implementation

• Remove the "ifdef HAVE_DEV_BPFN" block and only leave the corresponding "else" block in libopenvas/bpf_share.c.
• Remove option "--enable-bpf-sharing" from configure.in.
• Remove corresponding hints in README.BPF.

History

• 2008-02-23 Jan-Oliver Wagner <jan-oliver.wagner@intevation.de>:
  Initial text.
• 2008-03-17 Jan-Oliver Wagner <jan-oliver.wagner@intevation.de>:
  Added vote result and implementation note.
• 2008-04-05 Jan-Oliver Wagner <jan-oliver.wagner@intevation.de>:
  Update status.