Programming interface MAC filter without enabling PROMISC on
an interface from user space.
tom at tomjudge.com
Mon Jan 14 10:39:31 PST 2008
Bruce M. Simpson wrote:
> Tom Judge wrote:
>> Thanks for the response. I have a quick grep of the src tree to find
>> an example of this being used and only found the following from
>> wpa_supplicant and I have a few questions:
>> * I am presuming that this will do what I want, am I correct?
> Yes, it will attempt to add the given link layer multicast group to the
> ifnet's underlying device driver.
>> * If I was only ever to add the address to an interface an never
>> delete it would this cause any problems? I.e. when lldpd ends, or is
>> restarted and tries to add the address again?
> SIOCADDMULTI is very low level, no resource tracking is performed; I
> changed its semantics to only allow one userland opener so that
> in-kernel refcounting would work, as there is no per-process or
> per-client resource tracking -- so it's a really good idea to clean up
> after it.
>> * Alternatively is there a way to query the filter to ask what
>> addresses it is currently programmed for?
> Nope, there is no userland or kernel API for that unless you hack up the
Ok, so if I can safely assume that the process sending/receiving the
LLDP frames should always be running would it be safe to use a helper
program to add the mac on system startup so it is always registered on
particular interfaces for the uptime of the system rather than having
the daemon add/remove the address on startup shutdown? If not what
problems would this create?
Personally I can't see why this approach would be a problem, but I am
not a expert. The address is defined in IEEE Std 802.1D-2004 as to not
be forwarded by bridges (which I interpret as it being link local in a
sense as switches/bridges are not allowed to forward the frame), so I
can't see it being a problem registered on multiple interfaces.
On a side note does anyone know if if_bridge will respect the standard
and not forward this frame on to other interfaces?
More information about the freebsd-net