On Jun 8, 2012, at 2:00 AM, Johnny Billquist wrote:

> On 2012-06-08 01:13, Dave McGuire wrote:
>> On 06/07/2012 08:16 AM, Johnny Billquist wrote:
>>> Any program that needs access to raw ethernet packets needs to run as
>>> root. Promiscuous mode or not. Promiscuous mode itself has little to do
>>> with this.
>>> So if you want to run anything like a bridge or a router, you will need
>>> to run it as root. Promiscuous mode is basically just allowing you to
>>> share the same interface as the system is otherwise using, instead of
>>> having to dedicate a separate ethernet interface for this.
>>
>> Maybe you're just putting this another way, but promiscuous mode is
>> correctly defined a bit differently than this. When an Ethernet
>> controller is placed into promiscuous mode, its on-chip MAC address
>> filters, which normally either select or ignore inbound packets based on
>> their MAC address, are disabled. ALL packets are received by the
>> hardware and passed to the Ethernet driver in the OS, rather than only
>> the ones destined for that specific interface as defined by its MAC address.
>> I'm reasonably certain that you know this but were just explaining it
>> in a more abstract way...?
>
> Yes. Well, actually I wasn't describing it in a more abstract way, but in a way more
> in terms of why you need promiscuous mode instead of what it actually does on the
> interface.
> But reading it through now, I see that there was one implicit assumption in my text which
> I could have pointed out.
> If you need to share the device with the system, while using a different MAC address, you
> need to place the device in promiscuous mode. And such is the case if we talk DECnet,
> since DECnet requires that you use a specific MAC address which is not the same as the
> default MAC address of a device.

That's true if you have a NIC and driver that only allows one individual address per
physical MAC. Most modern NICs allow multiple individual addresses since the address
filter is an exact match on N (say, 16 or so) addresses, and it doesn't care whether
those are individual or multicast. The host OS drivers may or may not export that
feature. If they do, then you don't need promiscuous mode. If they don't, or
if the NIC is old enough that it can't do this, then you do.
paul