Sorry for the late reply but i have been busy with work.
Read below...
On Sun, Jul 19, 2009 at 2:29 AM, Evgeny
Yurchenko<evgeny.yurche...@frontline.ca> wrote:
>> -----Original Message-----
>> From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On
>> Behalf Of Chris Buechler
>> Sent: July 18, 2009 3:50 AM
>> To: support@pfsense.com
>> Subject: Re: [pfSense Support] IGMP packet out of WAN
>>
>> On Mon, Jul 13, 2009 at 6:59 PM, Evgeny
>> Yurchenko<evgeny.yurche...@frontline.ca> wrote:
>> >
>> > No, I can not see in logs. But on LAN I have
>> >
>> > 18:55:24.602839 IP 192.168.1.2 > 224.0.0.22: igmp v2 report
>> > 239.142.1.1
>> >
>> > It does not go out of WAN. And when I disable packet
>> filtering it does go out of WAN.
>> >
>>
>> You're using the IGMP proxy package on 1.2.x I presume? It's
>> not blocking it if it isn't getting logged (unless you
>> disabled logging on the default rules), but it sounds like it
>> has some sort of impact on the traffic. I spent some time
>> working with that package and never could get it to pass the
>> traffic as it should, though the code it came from in 2.0 did
>> work for me. Haven't had time to go back and look at it further.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com For
>> additional commands, e-mail: support-h...@pfsense.com
>>
>> Commercial support available - https://portal.pfsense.org
>>
>>
> Yes, I use 1.2 release. I am sorry for misinforming you. When I disable
> packet filtering then packet received on LAN goes to WAN which is quite
> expected behaviour, so it is not packet generated by igmpproxy.
> My findings are here. I get in debug mode:
> igmpproxy, Version 0.1 beta2, Build 090427
> Copyright 2005 by Johnny Egeland <joh...@rlo.org>
> Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check
> GPL.txt
>
> Debu: Searching for config file at '/tmp/igmpproxy.conf'
> Debu: Config: Quick leave mode enabled.
> Debu: Config: Got a phyint token.
> Debu: Config: IF: Config for interface bge0.
> Debu: Config: IF: Got downstream token.
> Debu: Config: IF: Got ratelimit token '0'.
> Debu: Config: IF: Got threshold token '1'.
> Debu: Config: IF: Got altnet token 224.0.0.0/4.
> Debu: Config: IF: Altnet: Parsed altnet to 224/4.
> Debu: IF name : bge0
> Debu: Next ptr : 0
> Debu: Ratelimit : 0
> Debu: Threshold : 1
> Debu: State : 2
> Debu: Allowednet ptr : 2820c030
> Debu: Config: Got a phyint token.
> Debu: Config: IF: Config for interface bge1.
> Debu: Config: IF: Got upstream token.
> Debu: Config: IF: Got ratelimit token '0'.
> Debu: Config: IF: Got threshold token '1'.
> Debu: Config: IF: Got altnet token 224.0.0.0/4.
> Debu: Config: IF: Altnet: Parsed altnet to 224/4.
> Debu: IF name : bge1
> Debu: Next ptr : 0
> Debu: Ratelimit : 0
> Debu: Threshold : 1
> Debu: State : 1
> Debu: Allowednet ptr : 2820c040
> Debu: Adding Physical Index value of IF 'bge0' is 1
> Debu: buildIfVc: Interface bge0 Addr: 192.168.1.1, Flags: 0xffff8943,
> Network: 192.168.1/24
> Debu: Adding Physical Index value of IF 'bge1' is 2
> Debu: buildIfVc: Interface bge1 Addr: 192.168.7.171, Flags: 0xffff8843,
> Network: 192.168.7/24
> Debu: Adding Physical Index value of IF 'lo0' is 6
> Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049,
> Network: 127/8
> Debu: Found config for bge1
> Note: adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 bge0, Threshold: 1,
> Ratelimit: 0
> Debu: Network for [bge0] : 192.168.1/24
> Note: adding VIF, Ix 1 Fl 0x0 IP 0xab07a8c0 bge1, Threshold: 1,
> Ratelimit: 0
> Debu: Network for [bge1] : 192.168.7/24
> Debu: Network for [bge1] : 224/4
> Debu: Got 262144 byte buffer size in 0 iterations
> Debu: Joining all-routers group 224.0.0.2 on vif 192.168.1.1
> Note: joinMcGroup: 224.0.0.2 on bge0
> Debu: SENT Membership query from 192.168.1.1 to 224.0.0.1
> Debu: Sent membership query from 192.168.1.1 to 224.0.0.1. Delay: 10
> Debu: Created timeout 1 (#0) - delay 10 secs
> Debu: (Id:1, Time:10)
> Debu: Created timeout 2 (#1) - delay 21 secs
> Debu: (Id:1, Time:10)
> Debu: (Id:2, Time:21)
> Debu: Packet from 192.168.1.1: proto: 2 hdrlen: 20 iplen: 8 or 2048
> Note: RECV Membership query from 192.168.1.1 to 224.0.0.1 (ip_hl
> 20, data 8)
> ^[[5~Debu: About to call timeout 1 (#0)
> Debu: Aging routes in table.
> Debu:
> Current routing table (Age active routes);
> -----------------------------------------------------
>
> Debu: No routes in table...
> Debu:
> -------------------------------
>
>
> Then I run small program on my laptop connected to LAN and generating
> IGMP membership reports and indeed igmpproxy sees them:
> Debu: Packet from 192.168.1.2: proto: 2 hdrlen: 20 iplen: 8 or 2048
> Note: RECV V2 member report from 192.168.1.2 to 224.0.0.22 (ip_hl
> 20, data 8)
> Debu: Should insert group 239.142.1.1 (from: 192.168.1.2) to route
> table. Vif Ix : 0
> Debu: No existing route for 239.142.1.1. Create new.
> Debu: No routes in table. Insert at beginning.
> Info: Inserted route table entry for 239.142.1.1 on VIF #0
> Debu: Joining group 239.142.1.1 upstream on IF address 192.168.7.171
> Note: joinMcGroup: 239.142.1.1 on bge1
> Debu:
> Current routing table (Insert Route);
> -----------------------------------------------------
>
> Debu: #0: Dst: 239.142.1.1, Age:2, St: I, OutVifs: 0x00000001
> Debu:
> -----------------------------------------------------
>
> But this IGMP packet never goes to WAN interface...
> Code from mcgroup.c:
> {
> my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt,
> inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
> }
>
> if( setsockopt( UdpSock, IPPROTO_IP,
> Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP,
Try to make IP_ADD_MEMBERSHIP to IP_ADD_SOURCE_MEMBERSHIP
the same for the DROP just add a SOURCE_ and test.
It should work that way.
> (void *)&CtlReq, sizeof( CtlReq ) ) )
> {
> my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd ==
> 'j' ? "ADD" : "DROP" );
> return 1;
> }
>
> return 0;
>
> Code before setsockopt() is executed as we see it in dump. setsockopt()
> is then also executed without error as we do not see any errors but this
> setsockopt() call must generate IGMP membership report on WAN though it
> does not happen. Could anybody explain this please?
> Thanks.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>
--
Ermal
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
