>Number:         166255
>Category:       kern
>Synopsis:       [net] [patch] It should be possible to disable "promiscuous mode enabled" messages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 19 21:00:27 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.3-PRERELEASE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.pp.ru 8.3-PRERELEASE FreeBSD 8.3-PRERELEASE #17: Tue Mar 20 01:42:57 NOVT 2012 [email protected]:/usr/local/obj/usr/local/src/sys/DADV amd64

>Description:
        We run a large network providing local users with Internet access
        using DHCP service. While we block malicious DHCP servers in our net
        using switches' layer 2 ACLs, configuration errors sometimes happen.
        So, we also run a network monitoring server based on FreeBSD
        that periodically sends DHCP requests and waits for answers
        to detect malicious DHCP servers and warn us in a timely manner.

        We use net-mgmt/dhcdrop to perform this task. dhcdrop utilizes BPF
        and puts each of several thousand vlan interfaces into promiscuous
        mode at start and takes it back at finish. This cycle runs several times
        per minute, producing tons of LOG_NOTICE kernel messages:

vlan1: promiscuous mode enabled
vlan2: promiscuous mode enabled
...
vlan1: promiscuous mode disabled
vlan2: promiscuous mode disabled

        And so on. The server is diskless so it fills RAM-based /var/log
        with these messages and floods our remote syslog collector.
        It is not possible to filter those messages out
        by means of syslog.conf alone.

        It should be possible to disable these messages in setups like ours
        where they are excessive.

>How-To-Repeat:

        See above.

>Fix:

        The following patch introduces a new sysctl named
        net.link.log_promisc_mode_change with default value 1.
        One may change it to 0 to disable the mentioned warnings.

--- sys/net/if.c.orig   2012-03-20 03:13:12.000000000 +0700
+++ sys/net/if.c        2012-03-20 03:22:10.000000000 +0700
@@ -120,6 +120,12 @@
        &ifdescr_maxlen, 0,
        "administrative maximum length for interface description");
 
+static int log_promisc_mode_change = 1;
+
+SYSCTL_INT(_net_link, OID_AUTO, log_promisc_mode_change, CTLFLAG_RW,
+       &log_promisc_mode_change, 1,
+       "log promiscuous mode change events");
+
 MALLOC_DEFINE(M_IFDESCR, "ifdescr", "ifnet descriptions");
 
 /* global sx for non-critical path ifdescr */
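Review bot: The fifth argument of the new SYSCTL_INT is 1, but the variable is passed by pointer and already gets its default from `static int log_promisc_mode_change = 1;`, so that argument should be 0, as in the ifdescr_maxlen declaration directly above. The diff touches only sys/net/if.c, so the knob is undocumented; since setting it to 0 removes the kernel's record of an interface entering promiscuous mode, the description string (and a manual page entry) should say that it suppresses an audit message, not just that it "logs events".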
@@ -2240,7 +2246,8 @@
                                ifp->if_flags |= IFF_PROMISC;
                        else if (ifp->if_pcount == 0)
                                ifp->if_flags &= ~IFF_PROMISC;
-                       log(LOG_INFO, "%s: permanently promiscuous mode %s\n",
+                       if (log_promisc_mode_change)
+                         log(LOG_INFO, "%s: permanently promiscuous mode %s\n",
                            ifp->if_xname,
                            (new_flags & IFF_PPROMISC) ? "enabled" : 
"disabled");
                }
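Review bot: The `log(` call under the new `if (log_promisc_mode_change)` is indented two columns deeper than the `if` rather than one full level, and its continuation lines (`ifp->if_xname,` and the `?:` expression) were left at their old position; please indent one level and realign the arguments. Also consider leaving this message ungated: it reports the "permanently promiscuous" flag change, which is a different message from the "promiscuous mode enabled/disabled" churn the PR describes, and the sysctl description does not say it covers both.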
@@ -2770,7 +2777,8 @@
        error = if_setflag(ifp, IFF_PROMISC, IFF_PPROMISC,
                           &ifp->if_pcount, pswitch);
        /* If promiscuous mode status has changed, log a message */
-       if (error == 0 && ((ifp->if_flags ^ oldflags) & IFF_PROMISC))
+       if (error == 0 && log_promisc_mode_change &&
+           ((ifp->if_flags ^ oldflags) & IFF_PROMISC))
                log(LOG_INFO, "%s: promiscuous mode %s\n",
                    ifp->if_xname,
                    (ifp->if_flags & IFF_PROMISC) ? "enabled" : "disabled");
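Review bot: Adding `log_promisc_mode_change` to this condition makes the switch global, so setting it to 0 silences the enable and disable messages for every interface on the host, not only the vlan interfaces being probed. A per-interface opt-out or rate limiting of this `log()` call would keep the message for interfaces where a change to promiscuous mode is unexpected; if the global switch stays, the comment "If promiscuous mode status has changed, log a message" should be updated to mention the sysctl.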


>Release-Note:
>Audit-Trail:
>Unformatted:
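
A collector-side alternative to silencing the messages in the kernel, as an added example that is not part of this PR or of FreeBSD: it drops the short enable/disable pairs a prober such as dhcdrop produces and reports only interfaces that stay promiscuous longer than a threshold. The log line layout (ISO timestamp, host, `kernel:` tag), the 30-second threshold, the function name and all sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed collector layout:
#   "<ISO timestamp> <host> kernel: <ifname>: promiscuous mode <state>"
PROMISC = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: (?P<ifn>\S+): "
    r"promiscuous mode (?P<state>enabled|disabled)$")

def long_promisc(lines, max_hold=timedelta(seconds=30)):
    """Return (ifname, enabled_at, disabled_at_or_None) for every interface
    held in promiscuous mode longer than max_hold. Short enable/disable
    cycles (the probe pattern) are dropped silently."""
    pending = {}      # ifname -> time promiscuous mode was first enabled
    alerts = []
    last_seen = None  # newest timestamp in the log, used as "now"
    for line in lines:
        m = PROMISC.match(line.strip())
        if not m:
            continue  # unrelated log line
        ts = datetime.fromisoformat(m["ts"])
        last_seen = ts
        if m["state"] == "enabled":
            pending.setdefault(m["ifn"], ts)
        else:
            start = pending.pop(m["ifn"], None)
            if start is not None and ts - start > max_hold:
                alerts.append((m["ifn"], start, ts))
    # Interfaces still promiscuous when the log ends
    for ifn, start in pending.items():
        if last_seen - start > max_hold:
            alerts.append((ifn, start, None))
    return alerts

# Constructed sample input, not taken from a real system
SAMPLE = """\
2012-03-20T03:00:00 mon kernel: vlan1: promiscuous mode enabled
2012-03-20T03:00:00 mon kernel: vlan2: promiscuous mode enabled
2012-03-20T03:00:04 mon kernel: vlan1: promiscuous mode disabled
2012-03-20T03:00:04 mon kernel: vlan2: promiscuous mode disabled
2012-03-20T03:00:10 mon kernel: em0: promiscuous mode enabled
2012-03-20T03:05:00 mon kernel: vlan7: promiscuous mode enabled
2012-03-20T03:09:00 mon kernel: vlan7: promiscuous mode disabled
2012-03-20T03:10:00 mon kernel: vlan1: promiscuous mode enabled
"""

if __name__ == "__main__":
    for ifn, start, end in long_promisc(SAMPLE.splitlines()):
        print(ifn, "promiscuous since", start, "until", end or "still enabled")
```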