Log a message about entering or leaving permanently promiscuous mode,

as it is done for usual promiscuous mode already.  This info is important
because promiscuous mode in the hands of a malicious party can jeopardize
the whole network.

1 files changed, 10 insertions, 6 deletions

diff --git a/sys/net/if.c b/sys/net/if.c
index b5c8295..bc51abe 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -1266,14 +1266,18 @@ ifhwioctl(u_long cmd, struct ifnet *ifp, caddr_t data, struct thread *td)
 			if_up(ifp);
 			splx(s);
 		}
+		/* See if permanently promiscuous mode bit is about to flip */
+		if ((ifp->if_flags ^ new_flags) & IFF_PPROMISC) {
+			if (new_flags & IFF_PPROMISC)
+				ifp->if_flags |= IFF_PROMISC;
+			else if (ifp->if_pcount == 0)
+				ifp->if_flags &= ~IFF_PROMISC;
+			log(LOG_INFO, "%s: permanently promiscuous mode %s\n",
+			    ifp->if_xname,
+			    (new_flags & IFF_PPROMISC) ? "enabled" : "disabled");
+		}
 		ifp->if_flags = (ifp->if_flags & IFF_CANTCHANGE) |
 			(new_flags &~ IFF_CANTCHANGE);
-		if (new_flags & IFF_PPROMISC) {
-			/* Permanently promiscuous mode requested */
-			ifp->if_flags |= IFF_PROMISC;
-		} else if (ifp->if_pcount == 0) {
-			ifp->if_flags &= ~IFF_PROMISC;
-		}
 		if (ifp->if_ioctl) {
 			IFF_LOCKGIANT(ifp);
 			(void) (*ifp->if_ioctl)(ifp, cmd, data);