Bug 109436

Summary: no promiscuous mode
Product: [Fedora] Fedora Reporter: Pete Zaitcev <zaitcev>
Component: net-toolsAssignee: Radek Vokál <rvokal>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-02-09 10:40:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pete Zaitcev 2003-11-07 20:38:09 UTC
Running tcpdump with or without -p only captures the packets directed
to the host, or broadcasts. ifconfig does not show promiscuous flag.

NIC: e100
kernel-2.4.22-1.2115.nptl
tcpdump-3.7.2-7.1

BTW, the man page reverted to its original. It specifies
default promiscuous, -p making non-promiscuous. See bug 6464
for context.

Comment 1 Harald Hoyer 2003-11-24 10:04:47 UTC
ifconfig does not seem to show the correct flags... try "/sbin/ip link"

[harald@faro harald]$ sudo /sbin/ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:01:02:f1:85:f4 brd ff:ff:ff:ff:ff:ff
[harald@faro harald]$ sudo /sbin/ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:01:02:f1:85:f4 brd ff:ff:ff:ff:ff:ff
[harald@faro harald]$ sudo /sbin/ifconfig
eth0      Protokoll:Ethernet  Hardware Adresse 00:01:02:F1:85:F4
          inet Adresse:172.16.2.162  Bcast:172.16.2.255 
Maske:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7644385 errors:0 dropped:0 overruns:1 frame:0
          TX packets:4984513 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0
          RX bytes:4026752812 (3840.2 Mb)  TX bytes:514514184 (490.6 Mb)

lo        Protokoll:Lokale Schleife
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8139 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8139 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0
          RX bytes:10844282 (10.3 Mb)  TX bytes:10844282 (10.3 Mb)



Comment 2 Harald Hoyer 2003-11-24 10:05:31 UTC
reassigning to net-tools

Comment 4 Karel Zak 2005-01-11 17:34:05 UTC
From: [EMAIL PROTECTED] (Frédéric Raynal)
Date: Thu, 25 Jul 2002 08:09:44 +0200

This is a well knwon issue and C. Grenier and I have understood why
very recently. In fact, this due to the changing of the handling of 
promiscuous mode in kernel space.

With kernel 2.0, one had to perform the following to set the interface
to promiscuous mode:
  
  strncpy(ifr.ifr_name, "eth0", IFNAMSIZ);
  ioctl(sock, SIOCGIFFLAGS, &ifr);
  ifr.ifr_flags |= IFF_PROMISC;
  ioctl(sock, SIOCSIFFLAGS, &ifr);

The trouble was that the promiscuous mode was handled by a flag.  Each
time a process sets this mode, the flag is set. But if another process
removes this mode, the flag is cleared. Rather bad behavior.

Since kernel 2.2, a processus must ask to enter in a membership of
process (setsockopt(..., PACKET_ADD_MEMBERSHIP,...)) using the
interface in promiscuous mode. A counter is then increased. One a
process of the membership does not need the promiscuous mode anymore,
it drops the membership (setsockopt(..., PACKET_DROP_MEMBERSHIP, ...))
the counter is decreased, and promiscuous mode is disabled as soon as
the counter is 0. 

  struct packet_mreq mr;
  ...
  memset(&amp;mr,0,sizeof(mr));
  mr.mr_ifindex = ifr.ifr_ifindex;
  mr.mr_type =  PACKET_MR_PROMISC;
  setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (char *)&mr,
sizeof(mr));

The call to ioctl(SIOCGIFFLAGS) reports only promiscuous mode sets by
ioctl(SIOCSIFFLAGS).

---

http://lists.virus.org/bugtraq-0207/msg00347.html
http://www.tcpdump.org/lists/workers/2001/01/msg00184.html
http://marc.theaimsgroup.com/?t=101356558000002&r=1&w=2


Comment 5 Radek Vokál 2005-02-09 10:40:59 UTC
Fixed in current release ..