Date: Mon, 14 Jan 2008 18:39:28 +0000 From: Tom Judge <tom@tomjudge.com> To: "Bruce M. Simpson" <bms@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: Re: Programming interface MAC filter without enabling PROMISC on an interface from user space. Message-ID: <478BAC60.9030506@tomjudge.com> In-Reply-To: <478B982B.304@FreeBSD.org> References: <478B7AB7.5010208@tomjudge.com> <478B88EE.7090307@FreeBSD.org> <478B9020.3000402@tomjudge.com> <478B982B.304@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce M. Simpson wrote: > Tom Judge wrote: >> Thanks for the response. I have a quick grep of the src tree to find >> an example of this being used and only found the following from >> wpa_supplicant and I have a few questions: >> >> * I am presuming that this will do what I want, am I correct? > > Yes, it will attempt to add the given link layer multicast group to the > ifnet's underlying device driver. >> >> * If I was only ever to add the address to an interface an never >> delete it would this cause any problems? I.e. when lldpd ends, or is >> restarted and tries to add the address again? > > SIOCADDMULTI is very low level, no resource tracking is performed; I > changed its semantics to only allow one userland opener so that > in-kernel refcounting would work, as there is no per-process or > per-client resource tracking -- so it's a really good idea to clean up > after it. > >> >> * Alternatively is there a way to query the filter to ask what >> addresses it is currently programmed for? > > Nope, there is no userland or kernel API for that unless you hack up the > driver. > Ok, so if I can safely assume that the process sending/receiving the LLDP frames should always be running would it be safe to use a helper program to add the mac on system startup so it is always registered on particular interfaces for the uptime of the system rather than having the daemon add/remove the address on startup shutdown? If not what problems would this create? Personally I can't see why this approach would be a problem, but I am not a expert. The address is defined in IEEE Std 802.1D-2004 as to not be forwarded by bridges (which I interpret as it being link local in a sense as switches/bridges are not allowed to forward the frame), so I can't see it being a problem registered on multiple interfaces. On a side note does anyone know if if_bridge will respect the standard and not forward this frame on to other interfaces? Thanks again Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?478BAC60.9030506>