promiscuous mode, was Re: [HECnet] Multinet Tunnel Connections to SG1::

Johnny Billquist bqt at softjar.se
Fri Jun 8 15:50:52 PDT 2012


On 2012-06-08 16:42, Paul_Koning at Dell.com wrote:

On Jun 8, 2012, at 2:00 AM, Johnny Billquist wrote:

On 2012-06-08 01:13, Dave McGuire wrote:
On 06/07/2012 08:16 AM, Johnny Billquist wrote:
Any program that needs access to raw ethernet packets needs to run as
root. Promiscuous mode or not. Promiscuous mode itself has little to do
with this.
So if you want to run anything like a bridge or a router, you will need
to run it as root. Promiscuous mode is basically just allowing you to
share the same interface as the system is otherwise using, instead of
having to dedicate a separate ethernet interface for this.

Maybe you're just putting this another way, but promiscuous mode is
correctly defined a bit differently than this. When an Ethernet
controller is placed into promiscuous mode, its on-chip MAC address
filters, which normally either select or ignore inbound packets based on
their MAC address, are disabled. ALL packets are received by the
hardware and passed to the Ethernet driver in the OS, rather than only
the ones destined for that specific interface as defined by its MAC address.

I'm reasonably certain that you know this but were just explaining it
in a more abstract way...?

Yes. Well, actually I wasn't describing it in a more abstract way, but in a way more in terms of why you need promiscuous mode instead of what it actually does on the interface.

But reading it through now, I see that there was one implicit assumption in my text which I could have pointed out.
If you need to share the device with the system, while using a different MAC address, you need to place the device in promiscuous mode. And such is the case if we talk DECnet, since DECnet requires that you use a specific MAC address which is not the same as the default MAC address of a device.

That's true if you have a NIC and driver that only allows one individual address per physical MAC. Most modern NICs allow multiple individual addresses since the address filter is an exact match on N (say, 16 or so) addresses, and it doesn't care whether those are individual or multicast. The host OS drivers may or may not export that feature. If they do, then you don't need promiscuous mode. If they don't, or if the NIC is old enough that it can't do this, then you do.

Interesting. I wasn't aware that NICs had filters that didn't make a difference between multicast and unicast anymore... Seems potentially bad if you start using IP multicast, since that can easily become a whole bunch of multicast addresses, and then I guess you'll have to turn on promiscuous mode anyway.

The old DEC controllers for PDP-11s have a list of multicast addresses that you want to receive, so they do filter on multicast, but that list is for multicast only. There is only one unicast address.
(Those controllers also have a separate multicast promiscuous mode, except it doesn't work on the DEQNA and DELQA...)

	Johnny
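
The choice discussed in this thread, an extra individual address in the NIC's filter versus promiscuous mode, as an added example that is not part of the original message. It assumes Linux AF_PACKET sockets; the function names are hypothetical, and the AA-00-04-00 address rule is standard DECnet Phase IV rather than something stated in the thread.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/if_packet.h>

/* DECnet Phase IV station address: AA-00-04-00 followed by the 16-bit
 * node address (area * 1024 + node), low byte first. */
int decnet_mac(unsigned area, unsigned node, uint8_t mac[6])
{
    if (area < 1 || area > 63 || node < 1 || node > 1023)
        return -1;
    uint16_t addr = (uint16_t)(area * 1024 + node);
    mac[0] = 0xAA; mac[1] = 0x00; mac[2] = 0x04; mac[3] = 0x00;
    mac[4] = (uint8_t)(addr & 0xFF);
    mac[5] = (uint8_t)(addr >> 8);
    return 0;
}

/* Build the membership request: one extra unicast filter entry,
 * or promiscuous mode when promisc is non-zero. */
void fill_mreq(struct packet_mreq *mr, int ifindex,
               const uint8_t mac[6], int promisc)
{
    memset(mr, 0, sizeof *mr);
    mr->mr_ifindex = ifindex;
    if (promisc) {
        mr->mr_type = PACKET_MR_PROMISC;
    } else {
        mr->mr_type = PACKET_MR_UNICAST;
        mr->mr_alen = 6;
        memcpy(mr->mr_address, mac, 6);
    }
}

/* fd is an AF_PACKET socket (opening one needs root or CAP_NET_RAW).
 * Returns 0 if the kernel accepted the extra unicast address,
 * 1 if promiscuous mode had to be requested instead, -1 on failure. */
int receive_as(int fd, int ifindex, const uint8_t mac[6])
{
    struct packet_mreq mr;
    fill_mreq(&mr, ifindex, mac, 0);
    if (setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof mr) == 0)
        return 0;
    fill_mreq(&mr, ifindex, mac, 1);
    if (setsockopt(fd, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof mr) == 0)
        return 1;
    return -1;
}
```

Both memberships are tied to the socket, so the filter entry or promiscuous setting is released when the socket is closed.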


