howto set PROMISCUOUS MODE and enable it in openvswitch ?

by iman

hi. setting on nic card is so simple :

enabling :    # ifconfig ethX promisc

disable :      # ifconfig ethX -promisc

you can add this feature in /etc/network/interfaces like this :

auto ethX
iface ethX inet manual
up ifconfig $IFACE promisc

….

down ifconfig $IFACE -promisc

————————————-

https://raw.githubusercontent.com/openvswitch/ovs/master/FAQ :

Q: Does Open vSwitch support configuring a port in promiscuous mode?

A: Yes.  How you configure it depends on what you mean by "promiscuous
   mode":

      - Conventionally, "promiscuous mode" is a feature of a network
        interface card.  Ordinarily, a NIC passes to the CPU only the
        packets actually destined to its host machine.  It discards
        the rest to avoid wasting memory and CPU cycles.  When
        promiscuous mode is enabled, however, it passes every packet
        to the CPU.  On an old-style shared-media or hub-based
        network, this allows the host to spy on all packets on the
        network.  But in the switched networks that are almost
        everywhere these days, promiscuous mode doesn't have much
        effect, because few packets not destined to a host are
        delivered to the host's NIC.

        This form of promiscuous mode is configured in the guest OS of
        the VMs on your bridge, e.g. with "ifconfig".

      - The VMware vSwitch uses a different definition of "promiscuous
        mode".  When you configure promiscuous mode on a VMware vNIC,
        the vSwitch sends a copy of every packet received by the
        vSwitch to that vNIC.  That has a much bigger effect than just
        enabling promiscuous mode in a guest OS.  Rather than getting
        a few stray packets for which the switch does not yet know the
        correct destination, the vNIC gets every packet.  The effect
        is similar to replacing the vSwitch by a virtual hub.

        This "promiscuous mode" is what switches normally call "port
        mirroring" or "SPAN".  For information on how to configure
        SPAN, see "How do I configure a port as a SPAN port, that is,
        enable mirroring of all traffic to that port?"

BTW : you can run 'netstat -i' to check if PROMISCUOUS MODE is enabled :
$ netstat -i

Look under the last column “Flg” for value “P”. If it’s there, it means promiscuous mode is enabled for that network interface. Is the flag really P and not M? Here’s a quick test. Check existing active flags:

[root@localhost ~]# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0  2075   0      0      0     1370      0      0      0 BPRU
lo   16436 0  1985    0    0      0     1985      0      0      0 LRU