promiscuous mode, was Re: [HECnet] Multinet Tunnel Connections to SG1::

Johnny Billquist bqt at softjar.se
Fri Jun 8 07:00:11 PDT 2012 

On 2012-06-08 01:13, Dave McGuire wrote:
On 06/07/2012 08:16 AM, Johnny Billquist wrote:
Any program that needs access to raw ethernet packets needs to run as
root. Promiscuous mode or not. Promiscuous mode itself has little to do
with this.
So if you want to run anything like a bridge or a router, you will need
to run it as root. Promiscuous mode is basically just allowing you to
share the same interface as the system is otherwise using, instead of
having to dedicate a separate ethernet interface for this.

    Maybe you're just putting this another way, but promiscuous mode is
correctly defined a bit differently than this.   When an Ethernet
controller is placed into promiscuous mode, its on-chip MAC address
filters, which normally either select or ignore inbound packets based on
their MAC address, are disabled.   ALL packets are received by the
hardware and passed to the Ethernet driver in the OS, rather than only
the ones destined for that specific interface as defined by its MAC address.

    I'm reasonably certain that you know this but were just explaining it
in a more abstract way...?

Yes. Well, actually I wasn't describing it in a more abstract way, but in a way more in terms of why you need promiscuous mode instead of what it actually does on the interface.

But reading it through now, I see that there was one implicit assumption in my text which I could have pointed out.
If you need to share the device with the system, while using a different MAC address, you need to place the device in promiscuous mode. And such is the case if we talk DECnet, since DECnet requires that you use a specific MAC address which is not the same as the default MAC address of a device.

And to make a correction to your text, when not in promiscuous mode, your ethernet controller will filter out packets that do not have your MAC address, and packets that don't have the multicast bit set (possibly you can also get it to filter more specific on multicast ethernet packets, but multicast is a separate story from unicast packets on ethernet controllers anyway).

	Johnny

More information about the Hecnet-list mailing list