> -----Original Message----- > From: Ermal Luçi [mailto:[email protected]] > Sent: July 20, 2009 2:38 PM > To: [email protected] > Subject: Re: [pfSense Support] IGMP packet out of WAN > > Sorry for the late reply but i have been busy with work. > Read below... > > On Sun, Jul 19, 2009 at 2:29 AM, Evgeny > Yurchenko<[email protected]> wrote: > >> -----Original Message----- > >> From: [email protected] [mailto:[email protected]] On > Behalf Of > >> Chris Buechler > >> Sent: July 18, 2009 3:50 AM > >> To: [email protected] > >> Subject: Re: [pfSense Support] IGMP packet out of WAN > >> > >> On Mon, Jul 13, 2009 at 6:59 PM, Evgeny > >> Yurchenko<[email protected]> wrote: > >> > > >> > No, I can not see in logs. But on LAN I have > >> > > >> > 18:55:24.602839 IP 192.168.1.2 > 224.0.0.22: igmp v2 report > >> > 239.142.1.1 > >> > > >> > It does not go out of WAN. And when I disable packet > >> filtering it does go out of WAN. > >> > > >> > >> You're using the IGMP proxy package on 1.2.x I presume? It's not > >> blocking it if it isn't getting logged (unless you > disabled logging > >> on the default rules), but it sounds like it has some sort > of impact > >> on the traffic. I spent some time working with that > package and never > >> could get it to pass the traffic as it should, though the code it > >> came from in 2.0 did work for me. Haven't had time to go back and > >> look at it further. > >> > >> > --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] For > >> additional commands, e-mail: [email protected] > >> > >> Commercial support available - https://portal.pfsense.org > >> > >> > > Yes, I use 1.2 release. I am sorry for misinforming you. When I > > disable packet filtering then packet received on LAN goes > to WAN which > > is quite expected behaviour, so it is not packet generated > by igmpproxy. > > My findings are here. I get in debug mode: > > igmpproxy, Version 0.1 beta2, Build 090427 Copyright 2005 by Johnny > > Egeland <[email protected]> Distributed under the GNU GENERAL PUBLIC > > LICENSE, Version 2 - check GPL.txt > > > > Debu: Searching for config file at '/tmp/igmpproxy.conf' > > Debu: Config: Quick leave mode enabled. > > Debu: Config: Got a phyint token. > > Debu: Config: IF: Config for interface bge0. > > Debu: Config: IF: Got downstream token. > > Debu: Config: IF: Got ratelimit token '0'. > > Debu: Config: IF: Got threshold token '1'. > > Debu: Config: IF: Got altnet token 224.0.0.0/4. > > Debu: Config: IF: Altnet: Parsed altnet to 224/4. > > Debu: IF name : bge0 > > Debu: Next ptr : 0 > > Debu: Ratelimit : 0 > > Debu: Threshold : 1 > > Debu: State : 2 > > Debu: Allowednet ptr : 2820c030 > > Debu: Config: Got a phyint token. > > Debu: Config: IF: Config for interface bge1. > > Debu: Config: IF: Got upstream token. > > Debu: Config: IF: Got ratelimit token '0'. > > Debu: Config: IF: Got threshold token '1'. > > Debu: Config: IF: Got altnet token 224.0.0.0/4. > > Debu: Config: IF: Altnet: Parsed altnet to 224/4. > > Debu: IF name : bge1 > > Debu: Next ptr : 0 > > Debu: Ratelimit : 0 > > Debu: Threshold : 1 > > Debu: State : 1 > > Debu: Allowednet ptr : 2820c040 > > Debu: Adding Physical Index value of IF 'bge0' is 1 > > Debu: buildIfVc: Interface bge0 Addr: 192.168.1.1, Flags: > 0xffff8943, > > Network: 192.168.1/24 > > Debu: Adding Physical Index value of IF 'bge1' is 2 > > Debu: buildIfVc: Interface bge1 Addr: 192.168.7.171, Flags: > > 0xffff8843, > > Network: 192.168.7/24 > > Debu: Adding Physical Index value of IF 'lo0' is 6 > > Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, > > Network: 127/8 > > Debu: Found config for bge1 > > Note: adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 bge0, Threshold: 1, > > Ratelimit: 0 > > Debu: Network for [bge0] : 192.168.1/24 > > Note: adding VIF, Ix 1 Fl 0x0 IP 0xab07a8c0 bge1, Threshold: 1, > > Ratelimit: 0 > > Debu: Network for [bge1] : 192.168.7/24 > > Debu: Network for [bge1] : 224/4 > > Debu: Got 262144 byte buffer size in 0 iterations > > Debu: Joining all-routers group 224.0.0.2 on vif 192.168.1.1 > > Note: joinMcGroup: 224.0.0.2 on bge0 > > Debu: SENT Membership query from 192.168.1.1 to 224.0.0.1 > > Debu: Sent membership query from 192.168.1.1 to 224.0.0.1. Delay: 10 > > Debu: Created timeout 1 (#0) - delay 10 secs > > Debu: (Id:1, Time:10) > > Debu: Created timeout 2 (#1) - delay 21 secs > > Debu: (Id:1, Time:10) > > Debu: (Id:2, Time:21) > > Debu: Packet from 192.168.1.1: proto: 2 hdrlen: 20 iplen: 8 or 2048 > > Note: RECV Membership query from 192.168.1.1 to > 224.0.0.1 (ip_hl > > 20, data 8) > > ^[[5~Debu: About to call timeout 1 (#0) > > Debu: Aging routes in table. > > Debu: > > Current routing table (Age active routes); > > ----------------------------------------------------- > > > > Debu: No routes in table... > > Debu: > > ------------------------------- > > > > > > Then I run small program on my laptop connected to LAN and > generating > > IGMP membership reports and indeed igmpproxy sees them: > > Debu: Packet from 192.168.1.2: proto: 2 hdrlen: 20 iplen: 8 or 2048 > > Note: RECV V2 member report from 192.168.1.2 to 224.0.0.22 > > (ip_hl 20, data 8) > > Debu: Should insert group 239.142.1.1 (from: 192.168.1.2) to route > > table. Vif Ix : 0 > > Debu: No existing route for 239.142.1.1. Create new. > > Debu: No routes in table. Insert at beginning. > > Info: Inserted route table entry for 239.142.1.1 on VIF #0 > > Debu: Joining group 239.142.1.1 upstream on IF address 192.168.7.171 > > Note: joinMcGroup: 239.142.1.1 on bge1 > > Debu: > > Current routing table (Insert Route); > > ----------------------------------------------------- > > > > Debu: #0: Dst: 239.142.1.1, Age:2, St: I, OutVifs: 0x00000001 > > Debu: > > ----------------------------------------------------- > > > > But this IGMP packet never goes to WAN interface... > > Code from mcgroup.c: > > { > > my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, > > inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" ); > > } > > > > if( setsockopt( UdpSock, IPPROTO_IP, > > Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, > > Try to make IP_ADD_MEMBERSHIP to IP_ADD_SOURCE_MEMBERSHIP > > the same for the DROP just add a SOURCE_ and test. > > It should work that way. > > > > (void *)&CtlReq, sizeof( CtlReq ) ) ) > > { > > my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP > failed", Cmd == > > 'j' ? "ADD" : "DROP" ); > > return 1; > > } > > > > return 0; > > > > Code before setsockopt() is executed as we see it in dump. > > setsockopt() is then also executed without error as we do > not see any > > errors but this > > setsockopt() call must generate IGMP membership report on > WAN though > > it does not happen. Could anybody explain this please? > > Thanks. > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] For > additional > > commands, e-mail: [email protected] > > > > Commercial support available - https://portal.pfsense.org > > > > > > > > -- > Ermal > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For > additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > It seems it is not enough to call setsockopt() with IP_ADD_MEMBERSHIP as it just tells kernel to receive packets destined to certain multicast address. To actually generate IGMP-membership packet we have to call sendto() with IGMP_V2_MEMBERSHIP_REPORT. Thanks, Eugene.
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
