no PROMISC mode ..

Linux Advanced Routing and Traffic Control


Hi,

I'm not convinced I'm facing a bug. I was reading some code and also
reading some threads and finally reached this conclusion; please let me
know if it's not clear enough and also if you don't agree:
   - The case where it shows the flag with iproute is because it's using
     a single flag set.
     That was working on Linux kernels <2.1.x (2.0 etc.).
     Basically the mechanism was:
            ---
              strncpy(ifr.ifr_name, our_device, IFNAMSIZ);
              ioctl(sock, SIOCGIFFLAGS, &ifr);
              ifr.ifr_flags |= IFF_PROMISC;
              ioctl(sock, SIOCSIFFLAGS, &ifr);
           ---
     And only one could set the IFF_PROMISC, because if another process
     decided to set it too, then it was cleared...
   - Now, with kernels 2.2 and onwards, we have a different implementation
     of it: there's a counter of how many promiscuous requests have been
     set, and therefore a new implementation of the code to handle it and
     remove the one-promiscuous limitation, which has been called a
     membership. This allows the kernel to have more than one request and
     removes the above problem.

     Today, a process has to request to be part of that "packet domain"
     and use the interface in promiscuous mode; then the counter will know
     if there's another request (so it can handle unsets), and then, if the
     process does not need this mode anymore, it will just request to be
     removed from that membership, decreasing the counter.

     The code nowadays is fairly close to this:
            -----
              struct packet_mreq mr;
              [.....]
              memset(&mr, 0, sizeof(mr));
              mr.mr_ifindex = ifr.ifr_ifindex;
              mr.mr_type = PACKET_MR_PROMISC;
              setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP,
                         (char *)&mr, sizeof(mr));
            -----

That would explain why I can't see it with ip or older ifconfig: any call
set by ioctl(SIOCGIFFLAGS) can only be seen by the same call family. I've
checked pcap, and it seems to do the right thing by setting it:
      ----
      setsockopt(3, SOL_PACKET, PACKET_ADD_MEMBERSHIP, "\3\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
      ----
Hence I can't see it with either ip or ifconfig.

Is there any reason why (ip) is not using a membership check/set instead of using ioctl()?


Radek