[PATCH] Allow ifconfig(8) to set the PROMISC flag on interfaces.

Hi,

I noticed ifconfig(8) didn't have the promisc/-promisc flag combo found
in FreeBSD and Linux.

Here is the patch, seems kinda trivial, is there a reason for it being
left out?

Take care.
Index: ifconfig.8
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.164
diff -u -r1.164 ifconfig.8
--- ifconfig.8 29 Jul 2008 18:20:02 -0000 1.164
+++ ifconfig.8 28 Aug 2008 22:42:52 -0000
@@ -196,6 +196,10 @@
 extra console error logging.
 .It Fl debug
 Disable driver-dependent debugging code.
+.It Cm promisc
+Put interface into permanently promiscuous mode.
+.It Fl -promisc
+Disable permanently promiscuous mode.
 .It Cm delete
 Remove the specified network address,
 including any netmask or destination address configured with this address.
Index: ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.202
diff -u -r1.202 ifconfig.c
--- ifconfig.c 17 Jul 2008 08:14:24 -0000 1.202
+++ ifconfig.c 28 Aug 2008 22:42:53 -0000
@@ -270,6 +270,8 @@
  { "-arp", IFF_NOARP, 0, setifflags },
  { "debug", IFF_DEBUG, 0, setifflags },
  { "-debug", -IFF_DEBUG, 0, setifflags },
+ { "promisc", IFF_PROMISC, 0, setifflags },
+ { "-promisc", -IFF_PROMISC, 0, setifflags },
  { "alias", IFF_UP, 0, notealias },
  { "-alias", -IFF_UP, 0, notealias },
  { "delete", -IFF_UP, 0, notealias },

On 8/28/08, Brynet <brynet@...> wrote:
===================================================================
I don't think the word permanently is appropriate here.

Ted Unangst wrote:
> On 8/28/08, Brynet <brynet@...> wrote:
> ===================================================================
>>  +.It Cm promisc
>>  +Put interface into permanently promiscuous mode.
>>  +.It Fl -promisc
>>  +Disable permanently promiscuous mode.
>
> I don't think the word permanently is appropriate here.
>

That's a copy & paste from FreeBSD, I couldn't think of a better way to
word it. :(

Apologies.

On Thu, 28 Aug 2008 18:51:17 -0400
Brynet <brynet@...> wrote:

> Hi,
>
> I noticed ifconfig(8) didn't have the promisc/-promisc flag combo found
> in FreeBSD and Linux.
>
> Here is the patch, seems kinda trivial, is there a reason for it being
> left out

Other than the "me too" factor of saying we have this flag what is this
trying to solve? At the moment I can't really think of why we would want
this. But I'm open to suggestions. Any situation that I can think of where
promiscuous mode is necessary is dealt with by the subsystem (.e.g. bridging)
or application.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

On Thu, Aug 28, 2008 at 06:51:17PM -0400, Brynet wrote:
> Hi,
>
> I noticed ifconfig(8) didn't have the promisc/-promisc flag combo found
> in FreeBSD and Linux.
>
> Here is the patch, seems kinda trivial, is there a reason for it being
> left out?
>

Why do you need it? Setting promisc mode on interfaces should be done
automagically by the software needing it and not by the admin.
At least until now I never had to do this or even think about it.

--
:wq Claudio

On Fri, 29 Aug 2008, Claudio Jeker wrote:

Following has happened to me on a couple of occations - home broadband
delivery guy checks your connection using a laptop (i.e the router learns
the laptop MAC), then when connecting your own machine the gratituous ARP
isn't getting through to the router for some reason (theory was the
fan-out VLAN code did something "clever") -> the router continues to send
to old MAC.

As the routers in question were Ciscos, using their "wise" default ARP
cache timeout value of 4 hours, I ended up running tcpdump on the affected
interfaces for the first few hours. :)

That said, I don't really see a reason for a promisc ifconfig flag either,
the issues above were always temporary.

/H

Without questioning Claudio's opinion that this feature is
probably unnecessary, I would like to use this opportunity to
point to bug that one can circumvent by setting an interface
manually into promiscuous mode.

bug 5012: vlan(4) accepts packets that have a MAC address
different than the one set on the vlan interface - but only when
it is *not* in promiscuous mode (i.e., any frame broadcasted by
a switch then gets accepted by vlan(4) - I had some nice routing
loops between my two core routers).

Putting the vlan(4) interface into promiscous mode makes the
problem go away. Currently, I simply defined a carp(4) interface
over the vlan(4), this ensures that the vlan(4) is in
promiscuous mode...

- Christian