On 05/16/2016 12:28 PM, Christoph Lameter wrote: > On Mon, 16 May 2016, Doug Ledford wrote: > >>> CAP_NET_RAW is sufficient for tcpdump and this is not more than that. >> >> >> That's not true. In order to set promisc on an interface, tcpdump calls >> ioctl with SIOCSIFFLAGS as the ioctl and IFF_PROMISC set in the flags, >> and in net/core/dev_ioctl.c we see this check for SIOCSIFFLAGS: > > Tcpdump works fine without promiscuous mode. DONT_TRAP does not > mean that the interface is switched into promiscuous mode. It just means > that all traffic accepted by the hardware is also going to the QP > specified. > > One can switch the interface into promiscuous mode in addition if one > wants that. Then you need CAP_NET_ADMIN. I've applied your patch. I completely reworded the commit message, you'll want to check that it meets your satisfaction before I issue my pull request. -- Doug Ledford <dledford@xxxxxxxxxx> GPG KeyID: 0E572FDD
Attachment:
signature.asc
Description: OpenPGP digital signature