Project

General

Profile

Actions

Feature #13653

closed

Failing to enable promiscuous mode should not be a fatal error in snoop(1M)

Added by Jason King 10 months ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
cmd - userland programs
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

Currently in snoop(1M), the the process to setup the desired interface for capture is (very) roughly:

if (!PFlg) { /* no -P flag given */ 
    if (dlpi_promiscon(dh, DL_PROMISC_PHYS) != DLPI_SUCCESS)
        exit(FAILURE)
} else {
    if (dlpi_promiscon(dh, DL_PROMISC_MULTI) != DLPI_SUCCESS)
        exit(FAILURE)
}

dlpi_promiscon(dh, DL_PROMISC_SAP)

Some interfaces may not support (or may have disabled) support for either the physical or multicast promiscuous mode (e.g. a hypervisor may disallow vioif to enable promiscuous mode for security reasons), though the final dlpi_promiscon(DL_PROMISC_SAP) still works

Instead of fatally existing, it can still be useful to be able to capture whatever traffic is available via the use of DL_PROMISC_SAP. We should change the fatal errors into warnings and proceed. An operator can then choose to cancel the capture if they want.


Related issues

Related to illumos gate - Feature #13637: Support promiscuous mode on vioif interfacesClosedJason King

Actions
Actions

Also available in: Atom PDF