RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1942331 - [RFE] Allow to set physical interfaces in promiscuous mode [NM]
Summary: [RFE] Allow to set physical interfaces in promiscuous mode [NM]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: NetworkManager
Version: 8.4
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: 8.5
Assignee: Fernando F. Mancera
QA Contact: Vladimir Benes
Mayuresh Kulkarni
URL:
Whiteboard:
Depends On:
Blocks: 1937012
TreeView+ depends on / blocked
 
Reported: 2021-03-24 08:07 UTC by Gris Ge
Modified: 2021-11-10 06:50 UTC (History)
12 users (show)

Fixed In Version: NetworkManager-1.32.0-0.4.el8
Doc Type: Enhancement
Doc Text:
.New property in NetworkManager for setting physical and virtual interfaces in promiscuous mode With this update the `802-3-ethernet.accept-all-mac-addresses` property has been added to NetworkManager for setting physical and virtual interfaces in the `accept all MAC addresses` mode. With this update, the kernel can accept network packages targeting current interfaces’ MAC address in the `accept all MAC addresses` mode. To enable `accept all MAC addresses` mode on `eth1`, use the following command: ---- $ sudo nmcli c add type ethernet ifname eth1 connection.id eth1 802-3-ethernet.accept-all-mac-addresses true ----
Clone Of:
Environment:
Last Closed: 2021-11-09 19:29:51 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4361 0 None None None 2021-11-09 19:30:15 UTC
freedesktop.org Gitlab NetworkManager NetworkManager-ci merge_requests 758 0 None opened Add accept-all-mac-addresses tests 2021-05-26 09:08:06 UTC
freedesktop.org Gitlab NetworkManager/NetworkManager/-/commit/eee4332e8facfa5ff5940fa1655575d76ca143ea 0 None None None 2021-05-11 07:59:32 UTC
freedesktop.org Gitlab NetworkManager NetworkManager merge_requests 810 0 None None None 2021-04-22 13:29:40 UTC

Description Gris Ge 2021-03-24 08:07:21 UTC 
Description of problem:


There is no way to configure a physical interface in promiscuous mode from a NodeNetworkConfigurationPolicy. In this case, a telco customer wanted to set a bond interface into promiscuous mode to permit a couple of CNFs to work properly.

Version-Release number of selected component (if applicable):

kubernetes-nmstate installed from CNV operator on OCP 4.6. Actually using Red Hat Enterprise Linux CoreOS 46.82.202102120340-0 (based on RHEL 8.2)
Comment 3 Fernando F. Mancera 2021-04-22 13:29:41 UTC 
Upstream MR: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/810
Comment 7 Filip Pokryvka 2021-05-07 06:26:40 UTC 
When setting the property via nmcli:

nmcli con mod id testeth0 802-3-ethernet.accept-all-mac-addresses true

then the setting is not saved, `nmcli con show id testeth0` shows the following:

802-3-ethernet.accept-all-mac-addresses:-1 (default)

And so, it is not mirrored to the link flag (`ip -d link` always shows "promiscuity 0").

Setting this bug to FailedQA.
Comment 8 Fernando F. Mancera 2021-05-07 08:08:34 UTC 
(In reply to Filip Pokryvka from comment #7)
> When setting the property via nmcli:
> 
> nmcli con mod id testeth0 802-3-ethernet.accept-all-mac-addresses true
> 
> then the setting is not saved, `nmcli con show id testeth0` shows the
> following:
> 
> 802-3-ethernet.accept-all-mac-addresses:-1 (default)
> 
> And so, it is not mirrored to the link flag (`ip -d link` always shows
> "promiscuity 0").
> 
> Setting this bug to FailedQA.

Hello Filip, thank you for the comments. I do not understand why is this happening. It is working correctly for me:

```
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con mod id eth1 802-3-ethernet.accept-all-mac-addresses true
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con show eth1
connection.id:                          eth1
connection.uuid:                        a4d9707d-68e5-40ba-891b-e6b093df427b
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              eth1
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1620374693
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        disable
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.wait-device-timeout:         -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      36:B6:BA:5B:32:11
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     1500
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
802-3-ethernet.accept-all-mac-addresses:1 (true)
ipv4.method:                            disabled
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
[root@d5d5dc33ee19 nmstate-workspace]# nmcli con up eth1                                                 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@d5d5dc33ee19 nmstate-workspace]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if70: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 26:c0:c9:76:51:3a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.88.0.44/16 brd 10.88.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::24c0:c9ff:fe76:513a/64 scope link 
       valid_lft forever preferred_lft forever
5: eth1@if4: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 36:b6:ba:5b:32:11 brd ff:ff:ff:ff:ff:ff link-netns nmstate_test
    inet6 fe80::34b6:baff:fe5b:3211/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
7: eth2@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 92:89:9f:21:96:bb brd ff:ff:ff:ff:ff:ff link-netns nmstate_test
    inet6 fe80::9089:9fff:fe21:96bb/64 scope link 
       valid_lft forever preferred_lft forever
```

Could you provide more details? NetworkManager version, logs or more outputs so I can debug or try to reproduce it. Thanks!
Comment 10 Fernando F. Mancera 2021-05-11 07:59:32 UTC 
A fix was required for this BZ. Upstream commit: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/eee4332e8facfa5ff5940fa1655575d76ca143ea
Comment 19 errata-xmlrpc 2021-11-09 19:29:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: NetworkManager security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4361
Note You need to log in before you can comment on or make changes to this bug.