Bug 109436 - no promiscuous mode
no promiscuous mode
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: net-tools (Show other bugs)
1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Radek Vokal
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-07 15:38 EST by Pete Zaitcev
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-09 05:40:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pete Zaitcev 2003-11-07 15:38:09 EST
Running tcpdump with or without -p only captures the packets directed
to the host, or broadcasts. ifconfig does not show promiscuous flag.

NIC: e100
kernel-2.4.22-1.2115.nptl
tcpdump-3.7.2-7.1

BTW, the man page reverted to its original. It specifies
default promiscuous, -p making non-promiscuous. See bug 6464
for context.
Comment 1 Harald Hoyer 2003-11-24 05:04:47 EST
ifconfig does not seem to show the correct flags... try "/sbin/ip link"

[harald@faro harald]$ sudo /sbin/ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:01:02:f1:85:f4 brd ff:ff:ff:ff:ff:ff
[harald@faro harald]$ sudo /sbin/ip link
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
    link/ether 00:01:02:f1:85:f4 brd ff:ff:ff:ff:ff:ff
[harald@faro harald]$ sudo /sbin/ifconfig
eth0      Protokoll:Ethernet  Hardware Adresse 00:01:02:F1:85:F4
          inet Adresse:172.16.2.162  Bcast:172.16.2.255 
Maske:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7644385 errors:0 dropped:0 overruns:1 frame:0
          TX packets:4984513 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0
          RX bytes:4026752812 (3840.2 Mb)  TX bytes:514514184 (490.6 Mb)

lo        Protokoll:Lokale Schleife
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8139 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8139 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0
          RX bytes:10844282 (10.3 Mb)  TX bytes:10844282 (10.3 Mb)

Comment 2 Harald Hoyer 2003-11-24 05:05:31 EST
reassigning to net-tools
Comment 4 Karel Zak 2005-01-11 12:34:05 EST
From: [EMAIL PROTECTED] (Frédéric Raynal)
Date: Thu, 25 Jul 2002 08:09:44 +0200

This is a well knwon issue and C. Grenier and I have understood why
very recently. In fact, this due to the changing of the handling of 
promiscuous mode in kernel space.

With kernel 2.0, one had to perform the following to set the interface
to promiscuous mode:
  
  strncpy(ifr.ifr_name, "eth0", IFNAMSIZ);
  ioctl(sock, SIOCGIFFLAGS, &ifr);
  ifr.ifr_flags |= IFF_PROMISC;
  ioctl(sock, SIOCSIFFLAGS, &ifr);

The trouble was that the promiscuous mode was handled by a flag.  Each
time a process sets this mode, the flag is set. But if another process
removes this mode, the flag is cleared. Rather bad behavior.

Since kernel 2.2, a processus must ask to enter in a membership of
process (setsockopt(..., PACKET_ADD_MEMBERSHIP,...)) using the
interface in promiscuous mode. A counter is then increased. One a
process of the membership does not need the promiscuous mode anymore,
it drops the membership (setsockopt(..., PACKET_DROP_MEMBERSHIP, ...))
the counter is decreased, and promiscuous mode is disabled as soon as
the counter is 0. 

  struct packet_mreq mr;
  ...
  memset(&amp;mr,0,sizeof(mr));
  mr.mr_ifindex = ifr.ifr_ifindex;
  mr.mr_type =  PACKET_MR_PROMISC;
  setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, (char *)&mr,
sizeof(mr));

The call to ioctl(SIOCGIFFLAGS) reports only promiscuous mode sets by
ioctl(SIOCSIFFLAGS).

---

http://lists.virus.org/bugtraq-0207/msg00347.html
http://www.tcpdump.org/lists/workers/2001/01/msg00184.html
http://marc.theaimsgroup.com/?t=101356558000002&r=1&w=2
Comment 5 Radek Vokal 2005-02-09 05:40:59 EST
Fixed in current release .. 

Note You need to log in before you can comment on or make changes to this bug.