Bug 1942331

Summary: [RFE] Allow to set physical interfaces in promiscuous mode [NM]
Product: Red Hat Enterprise Linux 8 Reporter: Gris Ge <fge>
Component: NetworkManager Assignee: Fernando F. Mancera <ferferna>
Status: CLOSED ERRATA QA Contact: Vladimir Benes <vbenes>
Severity: unspecified Docs Contact: Mayuresh Kulkarni <maykulka>
Priority: high    
Version: 8.4 CC: acardace, atragler, bgalvani, djuran, ferferna, fpokryvk, igkioka, lrintel, rkhan, sukulkar, till, vbenes
Target Milestone: rc Keywords: FutureFeature, Triaged
Target Release: 8.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: NetworkManager-1.32.0-0.4.el8 Doc Type: Enhancement
Doc Text:
.New property in NetworkManager for setting physical and virtual interfaces in promiscuous mode

With this update, the `802-3-ethernet.accept-all-mac-addresses` property has been added to NetworkManager for setting physical and virtual interfaces in the `accept all MAC addresses` mode. With this update, the kernel can accept network packets targeting current interfaces’ MAC address in the `accept all MAC addresses` mode. To enable `accept all MAC addresses` mode on `eth1`, use the following command:

----
$ sudo nmcli c add type ethernet ifname eth1 connection.id eth1 802-3-ethernet.accept-all-mac-addresses true
----
Last Closed: 2021-11-09 19:29:51 UTC Type: Bug
Bug Blocks: 1937012    

Description Gris Ge 2021-03-24 08:07:21 UTC
Description of problem:


There is no way to configure a physical interface in promiscuous mode from a NodeNetworkConfigurationPolicy. In this case, a telco customer wanted to set a bond interface into promiscuous mode to permit a couple of CNFs to work properly.

Version-Release number of selected component (if applicable):

kubernetes-nmstate installed from CNV operator on OCP 4.6. Actually using Red Hat Enterprise Linux CoreOS 46.82.202102120340-0 (based on RHEL 8.2)

Comment 3 Fernando F. Mancera 2021-04-22 13:29:41 UTC
Upstream MR: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/810

Comment 7 Filip Pokryvka 2021-05-07 06:26:40 UTC
When setting the property via nmcli:

nmcli con mod id testeth0 802-3-ethernet.accept-all-mac-addresses true

then the setting is not saved, `nmcli con show id testeth0` shows the following:

802-3-ethernet.accept-all-mac-addresses:-1 (default)

And so, it is not mirrored to the link flag (`ip -d link` always shows "promiscuity 0").

Setting this bug to FailedQA.

Comment 8 Fernando F. Mancera 2021-05-07 08:08:34 UTC
(In reply to Filip Pokryvka from comment #7)
> When setting the property via nmcli:
> 
> nmcli con mod id testeth0 802-3-ethernet.accept-all-mac-addresses true
> 
> then the setting is not saved, `nmcli con show id testeth0` shows the
> following:
> 
> 802-3-ethernet.accept-all-mac-addresses:-1 (default)
> 
> And so, it is not mirrored to the link flag (`ip -d link` always shows
> "promiscuity 0").
> 
> Setting this bug to FailedQA.

Hello Filip, thank you for the comments. I do not understand why this is happening. It is working correctly for me:

```
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con mod id eth1 802-3-ethernet.accept-all-mac-addresses true
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con show eth1
connection.id:                          eth1
connection.uuid:                        a4d9707d-68e5-40ba-891b-e6b093df427b
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              eth1
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1620374693
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        disable
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.wait-device-timeout:         -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      36:B6:BA:5B:32:11
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     1500
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
802-3-ethernet.accept-all-mac-addresses:1 (true)
ipv4.method:                            disabled
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con up eth1                                                 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@d5d5dc33ee19 nmstate-workspace]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if70: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 26:c0:c9:76:51:3a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.88.0.44/16 brd 10.88.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::24c0:c9ff:fe76:513a/64 scope link 
       valid_lft forever preferred_lft forever
5: eth1@if4: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 36:b6:ba:5b:32:11 brd ff:ff:ff:ff:ff:ff link-netns nmstate_test
    inet6 fe80::34b6:baff:fe5b:3211/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
7: eth2@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 92:89:9f:21:96:bb brd ff:ff:ff:ff:ff:ff link-netns nmstate_test
    inet6 fe80::9089:9fff:fe21:96bb/64 scope link 
       valid_lft forever preferred_lft forever
```

Could you provide more details? NetworkManager version, logs or more outputs so I can debug or try to reproduce it. Thanks!
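
The verification described in comments 7 and 8, turned into a repeatable check, as an added example that is not part of the bug report or of NetworkManager: it reads `ip -d link show` output and lists interfaces that are promiscuous (PROMISC flag or a non-zero promiscuity counter) but are not on an operator-supplied list of interfaces whose profile sets `802-3-ethernet.accept-all-mac-addresses`. The function names, the allow-list argument and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): flag unexpected promiscuous interfaces.

# promisc_ifaces: stdin is `ip -d link show` output. Prints each interface that
# has the PROMISC flag or a promiscuity counter above zero; the two are reported
# separately by ip, so either one counts.
promisc_ifaces() {
    awk '
        /^[0-9]+: / {                       # header line: "5: eth1@if4: <FLAGS> ..."
            if (name != "" && on) print name
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            on = ($3 ~ /[<,]PROMISC[,>]/)
            next
        }
        {                                   # detail line: look for "promiscuity N"
            for (i = 1; i < NF; i++)
                if ($i == "promiscuity" && $(i + 1) + 0 > 0) on = 1
        }
        END { if (name != "" && on) print name }
    '
}

# unexpected_promisc ALLOWED...: stdin as above. ALLOWED is the operator's list of
# interfaces whose profile sets accept-all-mac-addresses (an assumption of this
# example; it is not read from NetworkManager). Prints every other promiscuous one.
unexpected_promisc() {
    for ifc in $(promisc_ifaces); do
        case " $* " in
            *" $ifc "*) ;;
            *) echo "$ifc" ;;
        esac
    done
}

# Constructed sample in the shape of `ip -d link show` output (not captured data).
sample_ip_d_link() {
cat <<'EOF'
3: eth0@if70: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 26:c0:c9:76:51:3a brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 0 minmtu 68 maxmtu 65535
5: eth1@if4: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 36:b6:ba:5b:32:11 brd ff:ff:ff:ff:ff:ff link-netns nmstate_test promiscuity 1 minmtu 68 maxmtu 65535
7: eth2@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 92:89:9f:21:96:bb brd ff:ff:ff:ff:ff:ff link-netns nmstate_test promiscuity 1 minmtu 68 maxmtu 65535
EOF
}

# eth1 is expected (its profile enables the property); eth2 is reported.
sample_ip_d_link | unexpected_promisc eth1
```

On a live host the same function takes `ip -d link show | unexpected_promisc eth1`, with the allow-list kept alongside the connection profiles.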

Comment 10 Fernando F. Mancera 2021-05-11 07:59:32 UTC
A fix was required for this BZ. Upstream commit: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/eee4332e8facfa5ff5940fa1655575d76ca143ea

Comment 19 errata-xmlrpc 2021-11-09 19:29:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: NetworkManager security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4361