home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.protocols.appletalk:4294 comp.unix.ultrix:9101
- Path: sparky!uunet!decwrl!pa.dec.com!mogul
- From: mogul@pa.dec.com (Jeffrey Mogul)
- Newsgroups: comp.protocols.appletalk,comp.unix.ultrix
- Subject: Re: CAP & Ultrix 4.3 -- PF patches needed?
- Date: 29 Dec 1992 01:50:25 GMT
- Organization: DEC Western Research
- Lines: 29
- Message-ID: <1hoat1INNms6@usenet.pa.dec.com>
- References: <1992Dec17.171508.12289@ircam.fr> <Bzp8MA.3zr@alsvid.une.edu.au>
- NNTP-Posting-Host: jove.pa.dec.com
-
- In article <Bzp8MA.3zr@alsvid.une.edu.au> mark@alsvid.une.edu.au (Mark Garrett Internet: mark@arvak.une.edu.au Phone: +61 66 20 3859) writes:
- >> We just upgraded to 4.3, and recompiled CAP after having removed the
- >> ULT42PFBUG definition. The incantation used to start it comprizes
- >>
- >> pfconfig -a +c +p
- >
- > that -a is all +c means copyall +p means promiscous
- >
- >>
- >> (_without_ the ifconfig .. copyall) and it works fine. We didn't have
- >> to install any patches into the kernel.
- >
- > Having refreshed my memory with packet filter option. You should not
- >do this. It works with out it and defeats the purpose. It was a work around
- >for some bugs in the packetfilter code and is nolonger required.
-
- Actually, the original posting was right:
- DO do: pfconfig -a +c +p
- DON'T do: ifconfig .. copyall
- also, there was a patch for CAP that sets the ENCOPYALL mode bit for
- the packet filter file descriptor; that should NOT be used.
-
- Background: "ifconfig ... copyall" sets the driver into copy-all mode,
- no matter what. "pfconfig -a +c" allows an application to ask for
- copy-all mode, which is necessary for some uses of tcpdump (and not
- necessary for CAP any more). As long as CAP doesn't set the ENCOPYALL
- mode bit, the interface driver won't actually be in copy-all mode.
-
- -Jeff
-
