On 05/16/2016 12:28 PM, Christoph Lameter wrote:
> On Mon, 16 May 2016, Doug Ledford wrote:
>
>>> CAP_NET_RAW is sufficient for tcpdump and this is not more than that.
>>
>>
>> That's not true. In order to set promisc on an interface, tcpdump calls
>> ioctl with SIOCSIFFLAGS as the ioctl and IFF_PROMISC set in the flags,
>> and in net/core/dev_ioctl.c we see this check for SIOCSIFFLAGS:
>
> Tcpdump works fine without promiscuous mode. DONT_TRAP does not
> mean that the interface is switched into promiscuous mode. It just means
> that all traffic accepted by the hardware is also going to the QP
> specified.
>
> One can switch the interface into promiscuous mode in addition if one
> wants that. Then you need CAP_NET_ADMIN.
I've applied your patch. I completely reworded the commit message,
you'll want to check that it meets your satisfaction before I issue my
pull request.
--
Doug Ledford <dledford@xxxxxxxxxx>
GPG KeyID: 0E572FDD
Attachment:
signature.asc
Description: OpenPGP digital signature
