Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
On Tue, Dec 18, 2018 at 07:13:28PM +, Stuart Henderson wrote: | On 2018-12-17, Fernando Gont wrote: | > On 1/10/18 17:18, Aham Brahmasmi wrote: | >> Hello misc, | >> | >> Running 6.4-beta from approximately a week ago. | >> | >> 1) How to determine the IPv6 multicast groups which have been joined by | >> a particular interface? | > | > Use ifmcstat | > | > But you need to install the corresponding package first. | > | > Thanks, | | ifmcstat hasn't worked since 2013, nobody fixed it after a round of | kernel changes to multicast. And the port was removed by danj as a result 2 months ago, after having been marked BROKEN for nearly five years. In those five years, nobody complained (at least, not to me), so aparently it wasn't a big loss :) Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
On 2018-12-17, Fernando Gont wrote: > On 1/10/18 17:18, Aham Brahmasmi wrote: >> Hello misc, >> >> Running 6.4-beta from approximately a week ago. >> >> 1) How to determine the IPv6 multicast groups which have been joined by >> a particular interface? > > Use ifmcstat > > But you need to install the corresponding package first. > > Thanks, ifmcstat hasn't worked since 2013, nobody fixed it after a round of kernel changes to multicast.
Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
On 1/10/18 17:18, Aham Brahmasmi wrote: > Hello misc, > > Running 6.4-beta from approximately a week ago. > > 1) How to determine the IPv6 multicast groups which have been joined by > a particular interface? Use ifmcstat But you need to install the corresponding package first. Thanks, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
Stuart, > Yes the original code was in the original import from KAME. The code > that actually *processed* these queries was removed in the commit I > mentioned (so it seems your main concern is already dealt with), but > I think the interfaces are still joined to the group so will receive > those packets. I too think that the Node Information multicast group is joined when the interface comes up, but could not ascertain this for sure whether the group was being joined or not. Hence my 1st question - How to determine the list of IPv6 multicast groups joined by an interface? "netstat -g" does not return IPv6 multicast groups joined, because I think it deals with multicast routing rather than IPv6 multicast groups. I could not gather much from the results of apropos multicast[1]. Regards, ab [1] - https://man.openbsd.org/?query=multicast=1=0=default=OpenBSD-current -|-|-|-|-|-|-|--
Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
On 2018/10/03 12:36, Aham Brahmasmi wrote:
> Hi Stuart,
>
> Thank you for your response.
>
> > > 2) How to disable an interface from joining IPv6 Node Information
> > > multicast group (RFC 4620)?
> > > In sys/netinet6/in6.c, the function in6_update_ifa contains the
> > > following lines:
> > >
> > > /*
> > > * join node information group address
> > > */
> > > if (in6_nigroup(ifp, hostname, hostnamelen, ) == 0) {
> > > imm = in6_joingroup(ifp, _addr, );
> > > if (!imm) {
> > > /* XXX not very fatal, go on... */
> > > } else {
> > > LIST_INSERT_HEAD(>ia6_memberships,
> > > imm, i6mm_chain);
> > > }
> > > }
> >
> > Not 100% sure but I think this may have been missed when support for
> > RFC 4620 was removed from the kernel in 2014
> >
> > https://github.com/openbsd/src/commit/43f29087ef2fc515510c43f9dd706f7bbd9e39b7
>
> You may be probably right, although I do not claim to understand IPv6.
> My best guess is that the code block might have been originally present
> in the KAME project.
Yes the original code was in the original import from KAME. The code
that actually *processed* these queries was removed in the commit I
mentioned (so it seems your main concern is already dealt with), but
I think the interfaces are still joined to the group so will receive
those packets.
Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
Hi Stuart,
Thank you for your response.
> > 2) How to disable an interface from joining IPv6 Node Information
> > multicast group (RFC 4620)?
> > In sys/netinet6/in6.c, the function in6_update_ifa contains the
> > following lines:
> >
> > /*
> > * join node information group address
> > */
> > if (in6_nigroup(ifp, hostname, hostnamelen, ) == 0) {
> > imm = in6_joingroup(ifp, _addr, );
> > if (!imm) {
> > /* XXX not very fatal, go on... */
> > } else {
> > LIST_INSERT_HEAD(>ia6_memberships,
> > imm, i6mm_chain);
> > }
> > }
>
> Not 100% sure but I think this may have been missed when support for
> RFC 4620 was removed from the kernel in 2014
>
> https://github.com/openbsd/src/commit/43f29087ef2fc515510c43f9dd706f7bbd9e39b7
You may be probably right, although I do not claim to understand IPv6.
My best guess is that the code block might have been originally present
in the KAME project.
Regards,
ab
-|-|-|-|-|-|-|--
Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
On 2018-10-01, Aham Brahmasmi wrote:
> 2) How to disable an interface from joining IPv6 Node Information
> multicast group (RFC 4620)?
> In sys/netinet6/in6.c, the function in6_update_ifa contains the
> following lines:
>
> /*
> * join node information group address
> */
> if (in6_nigroup(ifp, hostname, hostnamelen, ) == 0) {
> imm = in6_joingroup(ifp, _addr, );
> if (!imm) {
> /* XXX not very fatal, go on... */
> } else {
> LIST_INSERT_HEAD(>ia6_memberships,
> imm, i6mm_chain);
> }
> }
Not 100% sure but I think this may have been missed when support for
RFC 4620 was removed from the kernel in 2014
https://github.com/openbsd/src/commit/43f29087ef2fc515510c43f9dd706f7bbd9e39b7
IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership
Hello misc,
Running 6.4-beta from approximately a week ago.
1) How to determine the IPv6 multicast groups which have been joined by
a particular interface?
I have tried netstat but have been unsuccessful.
# ifconfig em0
em0:
flags=648843
mtu 1500
...
status: active
...
inet6 %em0 prefixlen 64 scopeid 0x1
inet6 prefixlen 64 autoconf pltime xx
vltime xxx
# cat /etc/pf.conf
...
pass quick on egress inet6 proto icmp6
...
# netstat -g
Virtual Interface Table is empty
Multicast Forwarding Cache is empty
IPv6 Multicast Interface Table is empty
IPv6 Multicast Routing Table is empty
2) How to disable an interface from joining IPv6 Node Information
multicast group (RFC 4620)?
In sys/netinet6/in6.c, the function in6_update_ifa contains the
following lines:
/*
* join node information group address
*/
if (in6_nigroup(ifp, hostname, hostnamelen, ) == 0) {
imm = in6_joingroup(ifp, _addr, );
if (!imm) {
/* XXX not very fatal, go on... */
} else {
LIST_INSERT_HEAD(>ia6_memberships,
imm, i6mm_chain);
}
}
Since I cannot determine the multicast groups that an interface joins,
I cannot ascertain whether the Node Information multicast group is
joined by the egress interface or not.
Some noteworthy excerpts/sections from RFC 4620:
Status of This Memo
This memo defines an Experimental Protocol for the Internet
community.
1. Introduction
This document specifies a mechanism for discovering information about
names and addresses. The applicability of these mechanisms is
currently limited to diagnostic and debugging tools and network
management (e.g., node discovery).
8. Security Considerations
https://tools.ietf.org/html/rfc4620#section-8
I understand that IPv6 is a challenging subject for me. In my layman
understanding, I am trying to disable RFC 4620 because it is an
experimental protocol with no evident use, for me atleast.
Thanks.
Regards,
ab
-|-|-|-|-|-|-|--
