Open Source and information security mailing list archives
 
Date:   Tue, 12 Feb 2019 16:42:45 +0100
From:   Phil Sutter <phil@....cc>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     netdev@...r.kernel.org,
        William Flanagan <bill@...nagan-consulting.com>
Subject: Re: [iproute PATCH] man: ip-link: Describe promisc mode

Hi,

On Mon, Feb 11, 2019 at 11:36:10AM -0800, Stephen Hemminger wrote:
> On Mon, 11 Feb 2019 10:17:06 +0100
> Phil Sutter <phil@....cc> wrote:
[...]
> > diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
> > index 73d37c190fffa..5c327f01b6b45 100644
> > --- a/man/man8/ip-link.8.in
> > +++ b/man/man8/ip-link.8.in
> > @@ -1780,6 +1780,14 @@ flag on the device. Indicates that address can change when interface goes down (
> >  .B NOT
> >  used by the Linux).
> >  
> > +.TP
> > +.BR "promisc on " or " promisc off"
> > +change the
> > +.B PROMISC
> > +flag on the device. This requests receipt of all packets arriving at the NIC
> > +irrespective of their destination MAC address. It is typically used by traffic
> > +sniffers and also set by Linux bridges for their ports.
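Review bot: the last added sentence ("It is typically used by traffic sniffers and also set by Linux bridges for their ports.") names who uses the flag but leaves open whether the reader has to run this command in those cases. Since the text itself says bridges set the flag for their ports, either drop the sentence or reword it to state that the flag is set for bridge ports without user action, so the entry cannot be read as a prerequisite step for bridging or sniffing.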
> 
> This added sentence is confusing. The Linux bridge enables it by default,
> and if a sniffer wants to enable it then it is best done from the application.
> In either case the user should not need to directly set this through ip commands.

Well, "used by traffic sniffers" does not imply they don't set it by
themselves (at least not in the German accent I'm reading it :). And
there probably are ones that don't.

> Yes, there are lots of incorrect web pages out there that say you need to
> set an interface into promiscuous mode (with ifconfig) before adding it to a bridge.
> That might have been true 20 years ago, but hasn't been needed since Linux 2.4.

In this case ip-link.8 would become a resource pointing out that bridges
do that by themselves nowadays.

> Bottom line, adding this to the documentation is not going to be helpful.

OK, so I'll send a v2 with that last sentence removed?

Thanks, Phil
