> -----Original Message----- > From: Evgeny Yurchenko [mailto:[email protected]] > Sent: July 21, 2009 8:25 PM > To: [email protected] > Subject: RE: [pfSense Support] IGMP packet out of WAN > > > -----Original Message----- > > From: Ermal Luçi [mailto:[email protected]] > > Sent: July 20, 2009 2:38 PM > > To: [email protected] > > Subject: Re: [pfSense Support] IGMP packet out of WAN > > > > Sorry for the late reply but i have been busy with work. > > Read below... > > > > On Sun, Jul 19, 2009 at 2:29 AM, Evgeny > > Yurchenko<[email protected]> wrote: > > >> -----Original Message----- > > >> From: [email protected] [mailto:[email protected]] On > > Behalf Of > > >> Chris Buechler > > >> Sent: July 18, 2009 3:50 AM > > >> To: [email protected] > > >> Subject: Re: [pfSense Support] IGMP packet out of WAN > > >> > > >> On Mon, Jul 13, 2009 at 6:59 PM, Evgeny > > >> Yurchenko<[email protected]> wrote: > > >> > > > >> > No, I can not see in logs. But on LAN I have > > >> > > > >> > 18:55:24.602839 IP 192.168.1.2 > 224.0.0.22: igmp v2 report > > >> > 239.142.1.1 > > >> > > > >> > It does not go out of WAN. And when I disable packet > > >> filtering it does go out of WAN. > > >> > > > >> > > >> You're using the IGMP proxy package on 1.2.x I presume? It's not > > >> blocking it if it isn't getting logged (unless you > > disabled logging > > >> on the default rules), but it sounds like it has some sort > > of impact > > >> on the traffic. I spent some time working with that > > package and never > > >> could get it to pass the traffic as it should, though > the code it > > >> came from in 2.0 did work for me. Haven't had time to go > back and > > >> look at it further. > > >> > > >> > > > --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [email protected] For > > >> additional commands, e-mail: [email protected] > > >> > > >> Commercial support available - https://portal.pfsense.org > > >> > > >> > > > Yes, I use 1.2 release. I am sorry for misinforming you. When I > > > disable packet filtering then packet received on LAN goes > > to WAN which > > > is quite expected behaviour, so it is not packet generated > > by igmpproxy. > > > My findings are here. I get in debug mode: > > > igmpproxy, Version 0.1 beta2, Build 090427 Copyright 2005 > by Johnny > > > Egeland <[email protected]> Distributed under the GNU GENERAL PUBLIC > > > LICENSE, Version 2 - check GPL.txt > > > > > > Debu: Searching for config file at '/tmp/igmpproxy.conf' > > > Debu: Config: Quick leave mode enabled. > > > Debu: Config: Got a phyint token. > > > Debu: Config: IF: Config for interface bge0. > > > Debu: Config: IF: Got downstream token. > > > Debu: Config: IF: Got ratelimit token '0'. > > > Debu: Config: IF: Got threshold token '1'. > > > Debu: Config: IF: Got altnet token 224.0.0.0/4. > > > Debu: Config: IF: Altnet: Parsed altnet to 224/4. > > > Debu: IF name : bge0 > > > Debu: Next ptr : 0 > > > Debu: Ratelimit : 0 > > > Debu: Threshold : 1 > > > Debu: State : 2 > > > Debu: Allowednet ptr : 2820c030 > > > Debu: Config: Got a phyint token. > > > Debu: Config: IF: Config for interface bge1. > > > Debu: Config: IF: Got upstream token. > > > Debu: Config: IF: Got ratelimit token '0'. > > > Debu: Config: IF: Got threshold token '1'. > > > Debu: Config: IF: Got altnet token 224.0.0.0/4. > > > Debu: Config: IF: Altnet: Parsed altnet to 224/4. > > > Debu: IF name : bge1 > > > Debu: Next ptr : 0 > > > Debu: Ratelimit : 0 > > > Debu: Threshold : 1 > > > Debu: State : 1 > > > Debu: Allowednet ptr : 2820c040 > > > Debu: Adding Physical Index value of IF 'bge0' is 1 > > > Debu: buildIfVc: Interface bge0 Addr: 192.168.1.1, Flags: > > 0xffff8943, > > > Network: 192.168.1/24 > > > Debu: Adding Physical Index value of IF 'bge1' is 2 > > > Debu: buildIfVc: Interface bge1 Addr: 192.168.7.171, Flags: > > > 0xffff8843, > > > Network: 192.168.7/24 > > > Debu: Adding Physical Index value of IF 'lo0' is 6 > > > Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, > > > Network: 127/8 > > > Debu: Found config for bge1 > > > Note: adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 bge0, Threshold: 1, > > > Ratelimit: 0 > > > Debu: Network for [bge0] : 192.168.1/24 > > > Note: adding VIF, Ix 1 Fl 0x0 IP 0xab07a8c0 bge1, Threshold: 1, > > > Ratelimit: 0 > > > Debu: Network for [bge1] : 192.168.7/24 > > > Debu: Network for [bge1] : 224/4 > > > Debu: Got 262144 byte buffer size in 0 iterations > > > Debu: Joining all-routers group 224.0.0.2 on vif 192.168.1.1 > > > Note: joinMcGroup: 224.0.0.2 on bge0 > > > Debu: SENT Membership query from 192.168.1.1 to 224.0.0.1 > > > Debu: Sent membership query from 192.168.1.1 to > 224.0.0.1. Delay: 10 > > > Debu: Created timeout 1 (#0) - delay 10 secs > > > Debu: (Id:1, Time:10) > > > Debu: Created timeout 2 (#1) - delay 21 secs > > > Debu: (Id:1, Time:10) > > > Debu: (Id:2, Time:21) > > > Debu: Packet from 192.168.1.1: proto: 2 hdrlen: 20 iplen: > 8 or 2048 > > > Note: RECV Membership query from 192.168.1.1 to > > 224.0.0.1 (ip_hl > > > 20, data 8) > > > ^[[5~Debu: About to call timeout 1 (#0) > > > Debu: Aging routes in table. > > > Debu: > > > Current routing table (Age active routes); > > > ----------------------------------------------------- > > > > > > Debu: No routes in table... > > > Debu: > > > ------------------------------- > > > > > > > > > Then I run small program on my laptop connected to LAN and > > generating > > > IGMP membership reports and indeed igmpproxy sees them: > > > Debu: Packet from 192.168.1.2: proto: 2 hdrlen: 20 iplen: > 8 or 2048 > > > Note: RECV V2 member report from 192.168.1.2 to 224.0.0.22 > > > (ip_hl 20, data 8) > > > Debu: Should insert group 239.142.1.1 (from: 192.168.1.2) > to route > > > table. Vif Ix : 0 > > > Debu: No existing route for 239.142.1.1. Create new. > > > Debu: No routes in table. Insert at beginning. > > > Info: Inserted route table entry for 239.142.1.1 on VIF #0 > > > Debu: Joining group 239.142.1.1 upstream on IF address > 192.168.7.171 > > > Note: joinMcGroup: 239.142.1.1 on bge1 > > > Debu: > > > Current routing table (Insert Route); > > > ----------------------------------------------------- > > > > > > Debu: #0: Dst: 239.142.1.1, Age:2, St: I, OutVifs: 0x00000001 > > > Debu: > > > ----------------------------------------------------- > > > > > > But this IGMP packet never goes to WAN interface... > > > Code from mcgroup.c: > > > { > > > my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, > > > inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : > "<any>" ); > > > } > > > > > > if( setsockopt( UdpSock, IPPROTO_IP, > > > Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, > > > > Try to make IP_ADD_MEMBERSHIP to IP_ADD_SOURCE_MEMBERSHIP > > > > the same for the DROP just add a SOURCE_ and test. > > > > It should work that way. > > > > > > > (void *)&CtlReq, sizeof( CtlReq ) ) ) > > > { > > > my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP > > failed", Cmd == > > > 'j' ? "ADD" : "DROP" ); > > > return 1; > > > } > > > > > > return 0; > > > > > > Code before setsockopt() is executed as we see it in dump. > > > setsockopt() is then also executed without error as we do > > not see any > > > errors but this > > > setsockopt() call must generate IGMP membership report on > > WAN though > > > it does not happen. Could anybody explain this please? > > > Thanks. > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] For > > additional > > > commands, e-mail: [email protected] > > > > > > Commercial support available - https://portal.pfsense.org > > > > > > > > > > > > > > -- > > Ermal > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] For > additional > > commands, e-mail: [email protected] > > > > Commercial support available - https://portal.pfsense.org > > > > > It seems it is not enough to call setsockopt() with > IP_ADD_MEMBERSHIP as it just tells kernel to receive packets > destined to certain multicast address. > To actually generate IGMP-membership packet we have to call > sendto() with IGMP_V2_MEMBERSHIP_REPORT. > Thanks, > Eugene. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For > additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > Suddenly I discovered pfSense-development distribution which has compiler (yes, I was that stupid thad had not paid attention that there wer such thing). Now I'd like to play with igmpproxy package. Where do I download source code from? I tried to pick it up from ftp.freebsd.org/pub/FreeBSD/ports/igmpproxy-src-0.1-beta2.tar.gz and it gives me tons of erros when make. Any hint on reading about approach I should take or brief advice would be greatly appreciated. Thanks, Eugene.
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
