lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 11 Feb 2019 11:36:10 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Phil Sutter <phil@....cc>
Cc:     netdev@...r.kernel.org,
        William Flanagan <bill@...nagan-consulting.com>
Subject: Re: [iproute PATCH] man: ip-link: Describe promisc mode

On Mon, 11 Feb 2019 10:17:06 +0100
Phil Sutter <phil@....cc> wrote:

> Briefly explain what it is and where it's typically used.
> 
> Signed-off-by: Phil Sutter <phil@....cc>
> ---
>  man/man8/ip-link.8.in | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
> index 73d37c190fffa..5c327f01b6b45 100644
> --- a/man/man8/ip-link.8.in
> +++ b/man/man8/ip-link.8.in
> @@ -1780,6 +1780,14 @@ flag on the device. Indicates that address can change when interface goes down (
>  .B NOT
>  used by the Linux).
>  
> +.TP
> +.BR "promisc on " or " promisc off"
> +change the
> +.B PROMISC
> +flag on the device. This requests receipt of all packets arriving at the NIC
> +irrespective of their destination MAC address. It is typically used by traffic
> +sniffers and also set by Linux bridges for their ports.

This added sentence is confusing. The Linux bridge enables it by default,
and if a sniffer wants to enable it then it is best done from the application.
In either case the user should not need to directly set this through ip commands.

Yes, there are a lots of incorrect web pages out there that say you need to
set an interface into promiscious mode (with ifconfig) before adding it to a bridge.
That might have been true 20 years ago, but hasn't been needed since Linux 2.4

Bottom line, adding this to the documentation is not going to be helpful.

Powered by blists - more mailing lists