Open Source and information security mailing list archives
 
Message-ID: <184D23435BECB444AB6B9D4630C8EC83028548AC@XMB-RCD-303.cisco.com>
Date:	Thu, 15 Sep 2011 16:56:16 -0500
From:	"Christian Benvenuti (benve)" <benve@...co.com>
To:	<netdev@...r.kernel.org>
Cc:	<mst@...hat.com>, "Roopa Prabhu (roprabhu)" <roprabhu@...co.com>,
	"David Wang (dwang2)" <dwang2@...co.com>
Subject: macvtap mode private - IFF_PROMISC flag visibility for userspace

When you use/create a macvtap interface in passthru mode, the lowerdev
is put into promiscuous mode (NOTE: this may change if/once Roopa's
rx_filter changes get merged -
http://www.spinics.net/lists/netdev/msg174245.html).

However, macvtap also puts the lowerdev into promiscuous mode when
- mode is "macvtap private"
AND
- the lowerdev does not support ndo_set_rx_mode

This would be the codepath in the latter case:

macvlan_open
|
+--> dev_uc_add
     |
     +--> __dev_set_rx_mode
         |
         +--> if (!ndo_set_rx_mode)
                __dev_set_promiscuity

The difference between the two cases above (passthru vs private) however
is that the status of IFF_PROMISC is not exported the same way to user
space:
In the second case (private) dev_get_flags does not return the
IFF_PROMISC flag.
This means that, for example, neither 'ifconfig' nor 'ip link' show that
the lowerdev is in promisc mode. This does not help troubleshooting.

Yes, the kernel generates a log message when it changes the promiscuity
mode of the card, but...

Yes, you can check whether IFF_PROMISC is set or not by looking at

  /sys/class/net/<dev_name>/flags

but I can't see why dev_get_flags should not return it too.
Right now dev_get_flags returns IFF_PROMISC only if it is set in
dev->gflags, i.e. it ignores dev->flags & IFF_PROMISC.
Is this the expected behavior by design?

/Chris
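
Added example (not part of the original message): a userspace check for the mismatch described above. It compares the raw flags in /sys/class/net/<dev_name>/flags with the SIOCGIFFLAGS view that ifconfig reads and reports when IFF_PROMISC is set only in the former. The function names are hypothetical; it assumes Linux with sysfs mounted, and 0x1103 in the comment is a constructed sample value.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

/* Parse the text of /sys/class/net/<dev>/flags, e.g. "0x1103\n". */
int parse_sysfs_flags(const char *text, unsigned *out)
{
    return sscanf(text, "%x", out) == 1 ? 0 : -1;
}

/* 1 when sysfs reports promiscuous mode but the ioctl view does not. */
int promisc_hidden(unsigned sysfs_flags, unsigned ioctl_flags)
{
    return (sysfs_flags & IFF_PROMISC) && !(ioctl_flags & IFF_PROMISC);
}

/* Returns 1 (promisc set but hidden), 0 (not hidden) or -1 (error). */
int check_dev(const char *name)
{
    char path[64], buf[32];
    unsigned sysfs_flags = 0;
    struct ifreq ifr;
    int fd, rc = -1;
    FILE *f;

    if (strlen(name) >= IFNAMSIZ || strchr(name, '/'))
        return -1;                      /* reject overlong or path-like names */
    snprintf(path, sizeof(path), "/sys/class/net/%s/flags", name);
    if ((f = fopen(path, "r")) != NULL) {
        if (fgets(buf, sizeof(buf), f))
            rc = parse_sysfs_flags(buf, &sysfs_flags);
        fclose(f);
    }
    if (rc < 0 || (fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    memset(&ifr, 0, sizeof(ifr));
    memcpy(ifr.ifr_name, name, strlen(name));   /* length checked above */
    rc = ioctl(fd, SIOCGIFFLAGS, &ifr);         /* the view ifconfig uses */
    close(fd);
    return rc < 0 ? -1 : promisc_hidden(sysfs_flags, (unsigned short)ifr.ifr_flags);
}

int main(int argc, char **argv)
{
    return argc > 1 ? check_dev(argv[1]) : 2;   /* exit status 1: hidden promisc */
}
```

Run it with the lowerdev name as the only argument; exit status 1 means the device is promiscuous according to sysfs while the ioctl view does not say so.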
