> -----Original Message-----
> From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On
> Behalf Of Chris Buechler
> Sent: July 18, 2009 3:50 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] IGMP packet out of WAN
>
> On Mon, Jul 13, 2009 at 6:59 PM, Evgeny
> Yurchenko<evgeny.yurche...@frontline.ca> wrote:
> >
> > No, I can not see in logs. But on LAN I have
> >
> > 18:55:24.602839 IP 192.168.1.2 > 224.0.0.22: igmp v2 report
> > 239.142.1.1
> >
> > It does not go out of WAN. And when I disable packet
> filtering it does go out of WAN.
> >
>
> You're using the IGMP proxy package on 1.2.x I presume? It's
> not blocking it if it isn't getting logged (unless you
> disabled logging on the default rules), but it sounds like it
> has some sort of impact on the traffic. I spent some time
> working with that package and never could get it to pass the
> traffic as it should, though the code it came from in 2.0 did
> work for me. Haven't had time to go back and look at it further.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com For
> additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>
Yes, I use 1.2 release. I am sorry for misinforming you. When I disable
packet filtering then packet received on LAN goes to WAN which is quite
expected behaviour, so it is not packet generated by igmpproxy.
My findings are here. I get in debug mode:
igmpproxy, Version 0.1 beta2, Build 090427
Copyright 2005 by Johnny Egeland <joh...@rlo.org>
Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check
GPL.txt
Debu: Searching for config file at '/tmp/igmpproxy.conf'
Debu: Config: Quick leave mode enabled.
Debu: Config: Got a phyint token.
Debu: Config: IF: Config for interface bge0.
Debu: Config: IF: Got downstream token.
Debu: Config: IF: Got ratelimit token '0'.
Debu: Config: IF: Got threshold token '1'.
Debu: Config: IF: Got altnet token 224.0.0.0/4.
Debu: Config: IF: Altnet: Parsed altnet to 224/4.
Debu: IF name : bge0
Debu: Next ptr : 0
Debu: Ratelimit : 0
Debu: Threshold : 1
Debu: State : 2
Debu: Allowednet ptr : 2820c030
Debu: Config: Got a phyint token.
Debu: Config: IF: Config for interface bge1.
Debu: Config: IF: Got upstream token.
Debu: Config: IF: Got ratelimit token '0'.
Debu: Config: IF: Got threshold token '1'.
Debu: Config: IF: Got altnet token 224.0.0.0/4.
Debu: Config: IF: Altnet: Parsed altnet to 224/4.
Debu: IF name : bge1
Debu: Next ptr : 0
Debu: Ratelimit : 0
Debu: Threshold : 1
Debu: State : 1
Debu: Allowednet ptr : 2820c040
Debu: Adding Physical Index value of IF 'bge0' is 1
Debu: buildIfVc: Interface bge0 Addr: 192.168.1.1, Flags: 0xffff8943,
Network: 192.168.1/24
Debu: Adding Physical Index value of IF 'bge1' is 2
Debu: buildIfVc: Interface bge1 Addr: 192.168.7.171, Flags: 0xffff8843,
Network: 192.168.7/24
Debu: Adding Physical Index value of IF 'lo0' is 6
Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049,
Network: 127/8
Debu: Found config for bge1
Note: adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 bge0, Threshold: 1,
Ratelimit: 0
Debu: Network for [bge0] : 192.168.1/24
Note: adding VIF, Ix 1 Fl 0x0 IP 0xab07a8c0 bge1, Threshold: 1,
Ratelimit: 0
Debu: Network for [bge1] : 192.168.7/24
Debu: Network for [bge1] : 224/4
Debu: Got 262144 byte buffer size in 0 iterations
Debu: Joining all-routers group 224.0.0.2 on vif 192.168.1.1
Note: joinMcGroup: 224.0.0.2 on bge0
Debu: SENT Membership query from 192.168.1.1 to 224.0.0.1
Debu: Sent membership query from 192.168.1.1 to 224.0.0.1. Delay: 10
Debu: Created timeout 1 (#0) - delay 10 secs
Debu: (Id:1, Time:10)
Debu: Created timeout 2 (#1) - delay 21 secs
Debu: (Id:1, Time:10)
Debu: (Id:2, Time:21)
Debu: Packet from 192.168.1.1: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV Membership query from 192.168.1.1 to 224.0.0.1 (ip_hl
20, data 8)
^[[5~Debu: About to call timeout 1 (#0)
Debu: Aging routes in table.
Debu:
Current routing table (Age active routes);
-----------------------------------------------------
Debu: No routes in table...
Debu:
-------------------------------
Then I run small program on my laptop connected to LAN and generating
IGMP membership reports and indeed igmpproxy sees them:
Debu: Packet from 192.168.1.2: proto: 2 hdrlen: 20 iplen: 8 or 2048
Note: RECV V2 member report from 192.168.1.2 to 224.0.0.22 (ip_hl
20, data 8)
Debu: Should insert group 239.142.1.1 (from: 192.168.1.2) to route
table. Vif Ix : 0
Debu: No existing route for 239.142.1.1. Create new.
Debu: No routes in table. Insert at beginning.
Info: Inserted route table entry for 239.142.1.1 on VIF #0
Debu: Joining group 239.142.1.1 upstream on IF address 192.168.7.171
Note: joinMcGroup: 239.142.1.1 on bge1
Debu:
Current routing table (Insert Route);
-----------------------------------------------------
Debu: #0: Dst: 239.142.1.1, Age:2, St: I, OutVifs: 0x00000001
Debu:
-----------------------------------------------------
But this IGMP packet never goes to WAN interface...
Code from mcgroup.c:
{
my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt,
inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
}
if( setsockopt( UdpSock, IPPROTO_IP,
Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP,
(void *)&CtlReq, sizeof( CtlReq ) ) )
{
my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd ==
'j' ? "ADD" : "DROP" );
return 1;
}
return 0;
Code before setsockopt() is executed as we see it in dump. setsockopt()
is then also executed without error as we do not see any errors but this
setsockopt() call must generate IGMP membership report on WAN though it
does not happen. Could anybody explain this please?
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
