On Wed, Nov 11, 2020 at 06:47:27PM +0200, Vladimir Oltean wrote:
> On Wed, Nov 11, 2020 at 07:56:58AM -0800, Florian Fainelli wrote:
> > The semantics of promiscuous are pretty clear though, and if you have a
> > NIC with VLAN filtering capability which could prevent the stack from
> > seeing *all* packets, that would be considered a bug. I suppose that you
> > could not disable VLAN filtering but instead install all 4096 - N VLANs
> > (N being currently used) into the filter to guarantee receiving those
> > VLAN tagged frames?
>
> Are they?
>
> IEEE 802.3 clause 30.3.1.1.16 aPromiscuousStatus says:
>
> APPROPRIATE SYNTAX:
> BOOLEAN
>
> BEHAVIOUR DEFINED AS:
> A GET operation returns the value “true” for promiscuous mode enabled, and
> “false” otherwise.
>
> Frames without errors received solely because this attribute has the value
> “true” are counted as
> frames received correctly; frames received in this mode that do contain
> errors update the
> appropriate error counters.
>
> A SET operation to the value “true” provides a means to cause the
> LayerMgmtRecognizeAddress
> function to accept frames regardless of their destination address.
>
> A SET operation to the value “false” causes the MAC sublayer to return to the
> normal operation
> of carrying out address recognition procedures for station, broadcast, and
> multicast group
> addresses (LayerMgmtRecognizeAddress function).;
>
>
> As for IEEE 802.1Q, there's nothing about promiscuity in the context of
> VLAN there.
>
> Sadly, I think promiscuity refers only to address recognition for the
> purpose of packet termination. I cannot find any reference to VLAN in
> the context of promiscuity, or, for that matter, I cannot find any
> reference coming from a standards body that promiscuity would mean
> "accept all packets".
I realize I did not tell you what the LayerMgmtRecognizeAddress function
does.
function LayerMgmtRecognizeAddress(address: AddressValue): Boolean;
begin
if {promiscuous receive enabled} then LayerMgmtRecognizeAddress := true;
if address = ... {MAC station address} then LayerMgmtRecognizeAddress
:= true;
if address = ... {Broadcast address} then LayerMgmtRecognizeAddress :=
true;
if address = ... {One of the addresses on the multicast list and
multicast reception is enabled} then LayerMgmtRecognizeAddress := true;
LayerMgmtRecognizeAddress := false
end; {LayerMgmtRecognizeAddress}
Markus complained about the tcpdump program in particular. Well, tcpdump
is a complex beast, and far too often, people seem to conflate tcpdump
with promiscuity, even though:
- promiscuity is not what enables tcpdump to see "all packets" being
sent/received by the network stack on that interface, but ETH_P_ALL
sockets are what do the magic there
- tcpdump also has a --no-promiscuous-mode option.
I would expect that tcpdump could gain a feature to disable (even if
temporarily) the rx-vlan-filter offload, through an ethtool netlink
message. Then users could get what they expect.
