Project

General

Profile

Feature #13653

Updated by Jason King 10 months ago

Currently Today in snoop(1M), snoop(1M) if it fails to enable (physical) promiscuous mode on an interface(@dlpi_promiscon(dh, DL_PROMISC_PHYS)@), it exits with a fatal error. We should instead just emit a warning to the the process operator who can then choose to setup either cancel the desired interface for capture is (very) roughly: 

 <pre> 
 if (!PFlg) { /* no -P flag given */  
     if (dlpi_promiscon(dh, DL_PROMISC_PHYS) != DLPI_SUCCESS) 
         exit(FAILURE) 
 } else { 
     if (dlpi_promiscon(dh, DL_PROMISC_MULTI) != DLPI_SUCCESS) 
         exit(FAILURE) 
 } 

 dlpi_promiscon(dh, DL_PROMISC_SAP) 
 </pre> 

 Some interfaces may command, or continue knowing that not support (or all traffic may have disabled) support be captured. 

 This will be useful for either interfaces such as vioif where the physical or multicast promiscuous mode (e.g. a hypervisor may disallow vioif to enable prohibit enabling promiscuous mode on an interface for security reasons), though the final @dlpi_promiscon(DL_PROMISC_SAP)@ still works reasons. 

 Instead of fatally existing, it can still It should also be useful to be able to capture whatever traffic noted that this is available via not the use of @DL_PROMISC_SAP@. We should change same as the fatal errors into warnings and proceed. An operator can then choose to cancel @-P@ flag -- at least with VirtualBox as a Hypervisor, the capture if they want. 
 population of packets seen with -P vs. no flag (but with enabling @DL_PROMISC_PHYS@) is distinctly different.

Back