[realtek] Re: SIOCSIFFLAGS problem witn rtl8139

Jason Lunz lunz-mlist@falooley.org
Fri Jun 7 19:20:01 2002


jgarzik@mandrakesoft.com said:
> I found out recently that SIOCSIFFLAGS is somewhat deprecated...
> Currently some of the features set/cleared with SIFFLAGS are reference
> counted, which makes a clean set/unset implementation impractical.  I
> found this out the hard way, when Mandrake's security scanner -- which
> checks promisc and other flags -- suddenly started going whacko in
> 2.4.x kernels.

Are there flags other than IFF_PROMISC that are reference counted? I'm
aware of the reference-counted interface to device promiscuity you get
by using the PACKET_ADD_MEMBERSHIP sockopt on packet sockets, but I
don't know about any others. 

In the case of promiscuity, I still haven't tracked down a bug I've seen
in the presence of linux bridging where the actual device promiscuity
becomes inverted with respect to the reference count. (i.e. the device
is promiscuous only when the refcount is 0).

-- 
Jason Lunz			Reflex Security
lunz@reflexsecurity.com		http://www.reflexsecurity.com/