Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1942331

Summary: [RFE] Allow to set physical interfaces in promiscuous mode [NM]
Product: Red Hat Enterprise Linux 8 Reporter: Gris Ge <fge>
Component: NetworkManagerAssignee: Fernando F. Mancera <ferferna>
Status: CLOSED ERRATA QA Contact: Vladimir Benes <vbenes>
Severity: unspecified Docs Contact: Mayuresh Kulkarni <maykulka>
Priority: high    
Version: 8.4CC: acardace, atragler, bgalvani, djuran, ferferna, fpokryvk, igkioka, lrintel, rkhan, sukulkar, till, vbenes
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: 8.5Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: NetworkManager-1.32.0-0.4.el8 Doc Type: Enhancement
Doc Text:
.New property in NetworkManager for setting physical and virtual interfaces in promiscuous mode With this update the `802-3-ethernet.accept-all-mac-addresses` property has been added to NetworkManager for setting physical and virtual interfaces in the `accept all MAC addresses` mode. With this update, the kernel can accept network packages targeting current interfaces’ MAC address in the `accept all MAC addresses` mode. To enable `accept all MAC addresses` mode on `eth1`, use the following command: ---- $ sudo nmcli c add type ethernet ifname eth1 connection.id eth1 802-3-ethernet.accept-all-mac-addresses true ----
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-09 19:29:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1937012    

Description Gris Ge 2021-03-24 08:07:21 UTC 
Description of problem:


There is no way to configure a physical interface in promiscuous mode from a NodeNetworkConfigurationPolicy. In this case, a telco customer wanted to set a bond interface into promiscuous mode to permit a couple of CNFs to work properly.

Version-Release number of selected component (if applicable):

kubernetes-nmstate installed from CNV operator on OCP 4.6. Actually using Red Hat Enterprise Linux CoreOS 46.82.202102120340-0 (based on RHEL 8.2)
Comment 3 Fernando F. Mancera 2021-04-22 13:29:41 UTC 
Upstream MR: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/810
Comment 7 Filip Pokryvka 2021-05-07 06:26:40 UTC 
When setting the property via nmcli:

nmcli con mod id testeth0 802-3-ethernet.accept-all-mac-addresses true

then the setting is not saved, `nmcli con show id testeth0` shows the following:

802-3-ethernet.accept-all-mac-addresses:-1 (default)

And so, it is not mirrored to the link flag (`ip -d link` always shows "promiscuity 0").

Setting this bug to FailedQA.
Comment 8 Fernando F. Mancera 2021-05-07 08:08:34 UTC 
(In reply to Filip Pokryvka from comment #7)
> When setting the property via nmcli:
> 
> nmcli con mod id testeth0 802-3-ethernet.accept-all-mac-addresses true
> 
> then the setting is not saved, `nmcli con show id testeth0` shows the
> following:
> 
> 802-3-ethernet.accept-all-mac-addresses:-1 (default)
> 
> And so, it is not mirrored to the link flag (`ip -d link` always shows
> "promiscuity 0").
> 
> Setting this bug to FailedQA.

Hello Filip, thank you for the comments. I do not understand why is this happening. It is working correctly for me:

```
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con mod id eth1 802-3-ethernet.accept-all-mac-addresses true
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con show eth1
connection.id:                          eth1
connection.uuid:                        a4d9707d-68e5-40ba-891b-e6b093df427b
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              eth1
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1620374693
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        disable
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.wait-device-timeout:         -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      36:B6:BA:5B:32:11
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     1500
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
802-3-ethernet.accept-all-mac-addresses:1 (true)
ipv4.method:                            disabled
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con up eth1                                                 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@d5d5dc33ee19 nmstate-workspace]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if70: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 26:c0:c9:76:51:3a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.88.0.44/16 brd 10.88.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::24c0:c9ff:fe76:513a/64 scope link 
       valid_lft forever preferred_lft forever
5: eth1@if4: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 36:b6:ba:5b:32:11 brd ff:ff:ff:ff:ff:ff link-netns nmstate_test
    inet6 fe80::34b6:baff:fe5b:3211/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
7: eth2@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 92:89:9f:21:96:bb brd ff:ff:ff:ff:ff:ff link-netns nmstate_test
    inet6 fe80::9089:9fff:fe21:96bb/64 scope link 
       valid_lft forever preferred_lft forever
```

Could you provide more details? NetworkManager version, logs or more outputs so I can debug or try to reproduce it. Thanks!
Comment 10 Fernando F. Mancera 2021-05-11 07:59:32 UTC 
A fix was required for this BZ. Upstream commit: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/eee4332e8facfa5ff5940fa1655575d76ca143ea
Comment 19 errata-xmlrpc 2021-11-09 19:29:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: NetworkManager security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4361