Subject: problem with promiscous mode and vlans
To: None <>
From: Manuel Bouyer <>
List: tech-net
Date: 03/14/2003 18:57:48
there is currently a problem with promiscous mode and vlan(4) interfaces.
When a vlan interface is put in promiscous ode, the underlying inerface
is as well. But the packets for others hosts never get delivered to the
vlan interface, because they are filtered too early in ether_input().
The main problem is that this breaks bridges on top of vlans.

I see two ways of fixing this:
a) deliver the packet to vlans devices before the (ifp->if_flags & IFF_PROMISC)
   check. The bad effect is that we'll have to do this check again in
   vlan_input, and we'll test etype one more time.
b) add a new M_PROMISC mbuf flag, and set it in the (ifp->if_flags &
   IFF_PROMISC) check in ether_input instead of dropping the packet
   if it's not for us. We'll drop it later if approriate, either in
   vlan_input() or in the others switch (etype) cases.
   This may also allow to fix the XXX comment before
   (ifp->if_flags & IFF_PROMISC) in ether_input() (I didn't look at this

Comments ?

Manuel Bouyer, LIP6, Universite Paris VI. 
     NetBSD: 24 ans d'experience feront toujours la difference